Lucene search
PRIOn knowledge basePRION:CVE-2021-32723HistoryJun 28, 2021 - 8:15 p.m.
Design/Logic Flaw
2021-06-2820:15:00
PRIOn knowledge base
www.prio-n.com
4
Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight. This problem has been fixed in Prism v1.24. As a workaround, do not use ASCIIDoc or ERB to highlight untrusted text. Other languages are not affected and can be used to highlight untrusted text.
| CPE | Name | Operator | Version |
|---|---|---|---|
| application_express | lt | 21.1.4 | |
| prism | lt | 1.24.0 |
Related
cvelist
cvelist
CVE-2021-32723 Regular Expression Denial of Service (ReDoS) in Prism
2021-06-28 19:15:15
ubuntucve
ubuntucve
CVE-2021-32723
2021-06-28 00:00:00
nvd
nvd
CVE-2021-32723
2021-06-28 20:15:07
nodejs
nodejs
Regular Expression Denial of Service
2021-06-28 18:33:51
osv
osv
CVE-2021-32723
2021-06-28 20:15:07
Regular Expression Denial of Service (ReDoS) in Prism
2021-06-28 18:33:18
redhatcve
redhatcve
CVE-2021-32723
2021-07-08 09:35:46
cve
cve
CVE-2021-32723
2021-06-28 20:15:07
cnvd
cnvd
Prism Resource Management Error Vulnerability
2021-06-30 00:00:00
github
github
Regular Expression Denial of Service (ReDoS) in Prism
2021-06-28 18:33:18
nessus
nessus
Oracle Database Server (Jan 2022 CPU)
2022-01-19 00:00:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00