Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-4299
HistoryJan 02, 2023 - 8:15 a.m.

CVE-2021-4299

2023-01-0208:15:10
CWE-1333
[email protected]
web.nvd.nist.gov
1
vulnerability
cve-2021-4299
cronvel string-kit
remote attack
regex complexity
naturalsort function
lib/naturalsort.js
upgrade
0.12.8
patch identifier
9cac4c298ee92c1695b0695951f1488884a7ca73

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.3

Confidence

High

EPSS

0.002

Percentile

52.4%

JSON

A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 0.12.8 is able to address this issue. The name of the patch is 9cac4c298ee92c1695b0695951f1488884a7ca73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217180.

Affected configurations

Nvd
Node
string_kit_projectstring_kitRange<0.12.8node.js
VendorProductVersionCPE
string_kit_projectstring_kit*cpe:2.3:a:string_kit_project:string_kit:*:*:*:*:*:node.js:*:*

Related

prion 1
github 1
osv 2
veracode 1
cvelist 1
cve 1
prion
prion
Design/Logic Flaw
2023-01-02 08:15:00
github
github
string-kit Inefficient Regular Expression Complexity vulnerability
2023-01-02 09:31:57
osv
osv
string-kit Inefficient Regular Expression Complexity vulnerability
2023-01-02 09:31:57
CVE-2021-4299
2023-01-02 08:15:10
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-01-12 04:43:51
cvelist
cvelist
CVE-2021-4299 cronvel string-kit naturalSort.js naturalSort redos
2023-01-02 07:57:07
cve
cve
CVE-2021-4299
2023-01-02 08:15:10

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.3

Confidence

High

EPSS

0.002

Percentile

52.4%

JSON
Related for NVD:CVE-2021-4299
prion1github1osv2veracode1cvelist1cve1