Lucene search
SnykCVELIST:CVE-2021-23424HistoryAug 18, 2021 - 12:00 a.m.
CVE-2021-23424 Regular Expression Denial of Service (ReDoS)
2021-08-1800:00:00
snyk
www.cve.org
4
cve-2021-23424
regular expression denial of service
ansi-html
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
AI Score
7.8
Confidence
High
EPSS
0.002
Percentile
59.8%
This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.
CNA Affected
[
{
"product": "ansi-html",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
prion
prion
Input validation
2021-08-18 17:15:00
cve
cve
CVE-2021-23424
2021-08-18 17:15:07
redhatcve
redhatcve
CVE-2021-23424
2021-08-19 19:40:05
nvd
nvd
CVE-2021-23424
2021-08-18 17:15:07
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-08-19 01:40:26
osv
osv
Uncontrolled Resource Consumption in ansi-html
2021-09-02 17:15:24
github
github
Uncontrolled Resource Consumption in ansi-html
2021-09-02 17:15:24
ibm
ibm
Security Bulletin: Ansi-html is vulnerable to CVE-2021-23424 used in IBM Maximo Application Suite
2023-05-08 20:38:15
Security Bulletin: Open Source Dependency Vulnerability
2023-05-15 18:38:12
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P
AI Score
7.8
Confidence
High
EPSS
0.002
Percentile
59.8%
Related for CVELIST:CVE-2021-23424