Lucene search
SnykCVELIST:CVE-2021-23343HistoryMay 04, 2021 - 12:00 a.m.
CVE-2021-23343 Regular Expression Denial of Service (ReDoS)
2021-05-0400:00:00
snyk
www.cve.org
4
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
8.7
Confidence
High
EPSS
0.003
Percentile
68.6%
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
CNA Affected
[
{
"product": "path-parse",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-05-05 05:46:25
redhatcve
redhatcve
CVE-2021-23343
2021-05-04 14:31:14
nvd
nvd
CVE-2021-23343
2021-05-04 09:15:07
ibm
ibm
osv
osv
CVE-2021-23343
2021-05-04 09:15:07
Regular Expression Denial of Service in path-parse
2021-08-10 15:33:47
Important: nodejs:14 security and bug fix update
2021-09-27 06:47:35
github
github
Regular Expression Denial of Service in path-parse
2021-08-10 15:33:47
cve
cve
CVE-2021-23343
2021-05-04 09:15:07
nessus
nessus
RHEL 8 : nodejs-path-parse (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 8 : RHV Manager (ovirt-engine) security update [ovirt-4.4.7] (Moderate) (RHSA-2021:2865)
2021-07-22 00:00:00
SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2022:0531-1)
2022-02-22 00:00:00
nodejs
nodejs
Regular Expression Denial of Service in path-parse
2021-08-10 15:59:47
prion
prion
Code injection
2021-05-04 09:15:00
redhat
redhat
(RHSA-2021:2865) Moderate: RHV Manager (ovirt-engine) security update [ovirt-4.4.7]
2021-07-22 14:06:26
(RHSA-2021:3623) Important: nodejs:12 security and bug fix update
2021-09-21 12:33:58
(RHSA-2021:3666) Important: nodejs:14 security and bug fix update
2021-09-27 06:47:35
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:0569-1)
2022-02-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0563-1)
2022-02-25 00:00:00
openSUSE: Security Advisory for nodejs12 (openSUSE-SU-2022:0657-1)
2022-03-03 00:00:00
suse
suse
Security update for nodejs12 (important)
2022-03-02 00:00:00
Security update for nodejs8 (important)
2022-03-04 00:00:00
Security update for nodejs14 (important)
2022-03-04 00:00:00
rocky
rocky
nodejs:14 security and bug fix update
2021-09-27 06:47:35
nodejs:12 security and bug fix update
2021-09-21 12:33:58
almalinux
almalinux
Important: nodejs:12 security and bug fix update
2021-09-21 12:33:58
Important: nodejs:14 security and bug fix update
2021-09-27 06:47:35
oraclelinux
oraclelinux
nodejs:12 security and bug fix update
2021-09-22 00:00:00
nodejs:14 security and bug fix update
2021-09-27 00:00:00
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
8.7
Confidence
High
EPSS
0.003
Percentile
68.6%
Related for CVELIST:CVE-2021-23343