The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.

References

github.com/sindresorhus/normalize-url/releases/tag/v6.0.1

security.netapp.com/advisory/ntap-20210706-0001/

ibm 15

debiancve 1

redhatcve 1

osv 7

cve 1

nessus 22

ubuntucve 1

nodejs 1

veracode 1

github 1

nvd 1

prion 1

redhat 8

oraclelinux 3

almalinux 3

rocky 3

ibm

Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by a ReDoS flaw when processing URLs (CVE-2021-33502)

2021-07-30 04:30:32

Security Bulletin: Open Source Dependency Vulnerability

2023-05-15 18:59:14

Security Bulletin: IBM Cloud Transformation Advisor is affected by Node.js vulnerability

2021-06-23 13:21:49

debiancve

CVE-2021-33502

2021-05-24 16:15:08

redhatcve

CVE-2021-33502

2021-05-25 14:57:29

osv

ReDoS in normalize-url

2021-06-08 23:11:43

Moderate: nodejs:16 security, bug fix, and enhancement update

2021-12-15 19:09:29

Moderate: nodejs:16 security, bug fix, and enhancement update

2021-12-15 19:09:29

cve

CVE-2021-33502

2021-05-24 16:15:08

nessus

RHEL 8 : 12_nodejs-nodemon (Unpatched Vulnerability)

2024-06-03 00:00:00

RHEL 8 : nodejs-normalize-url (Unpatched Vulnerability)

2024-05-11 00:00:00

RHEL 7 : rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon (RHSA-2021:2931)

2021-07-28 00:00:00

ubuntucve

CVE-2021-33502

2021-05-24 00:00:00

nodejs

Regular Expression Denial of Service

2021-06-08 23:12:07

veracode

Regular Expression Denial Of Service (ReDoS)

2021-05-25 07:10:20

github

ReDoS in normalize-url

2021-06-08 23:11:43

nvd

CVE-2021-33502

2021-05-24 16:15:08

prion

Denial of service

2021-05-24 16:15:00

redhat

(RHSA-2021:2931) Moderate: rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon security update

2021-07-28 07:39:24

(RHSA-2021:2932) Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update

2021-07-28 07:39:31

(RHSA-2022:4711) Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update

2022-05-26 16:04:07

oraclelinux

nodejs:16 security, bug fix, and enhancement update

2021-12-16 00:00:00

nodejs:14 security, bug fix, and enhancement update

2022-02-02 00:00:00

nodejs and nodejs-nodemon security and bug fix update

2022-09-22 00:00:00

almalinux

Moderate: nodejs:16 security, bug fix, and enhancement update

2021-12-15 19:09:29

Moderate: nodejs:14 security, bug fix, and enhancement update

2022-02-01 20:08:39

Moderate: nodejs and nodejs-nodemon security and bug fix update

2022-09-20 00:00:00

rocky

nodejs:16 security, bug fix, and enhancement update

2021-12-15 19:09:29

nodejs:14 security, bug fix, and enhancement update

2022-02-01 20:08:39

nodejs and nodejs-nodemon security and bug fix update

2022-09-20 11:37:49

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

43.1%

JSON

Related for CVELIST:CVE-2021-33502