Lucene search
AnonymousNODEJS:1762HistoryJun 28, 2021 - 6:33 p.m.
Regular Expression Denial of Service
2021-06-2818:33:51
Anonymous
www.npmjs.com
40
0.001 Low
EPSS
Percentile
46.4%
Overview
In prismjs before 1.24.0 some languages are vulnerable to Regular Expression Denial of Service (ReDoS).
Impact
When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight. Do not use the following languages to highlight untrusted text.
- ASCIIDoc
- ERB
Other languages are not affected and can be used to highlight untrusted text.
Patches
This problem has been fixed in Prism v1.24.
References
- PrismJS/prism#2774
- PrismJS/prism#2688
Recommendation
Upgrade to version 1.24.0 or later
References
Related
cvelist
cvelist
CVE-2021-32723 Regular Expression Denial of Service (ReDoS) in Prism
2021-06-28 19:15:15
ubuntucve
ubuntucve
CVE-2021-32723
2021-06-28 00:00:00
prion
prion
Design/Logic Flaw
2021-06-28 20:15:00
nvd
nvd
CVE-2021-32723
2021-06-28 20:15:07
osv
osv
CVE-2021-32723
2021-06-28 20:15:07
Regular Expression Denial of Service (ReDoS) in Prism
2021-06-28 18:33:18
redhatcve
redhatcve
CVE-2021-32723
2021-07-08 09:35:46
cve
cve
CVE-2021-32723
2021-06-28 20:15:07
cnvd
cnvd
Prism Resource Management Error Vulnerability
2021-06-30 00:00:00
github
github
Regular Expression Denial of Service (ReDoS) in Prism
2021-06-28 18:33:18
nessus
nessus
Oracle Database Server (Jan 2022 CPU)
2022-01-19 00:00:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00