Lucene search
K

38 matches found

Tenable Nessus
Tenable Nessus
added 2021/07/28 12:0 a.m.60 views

RHEL 7 : rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon (RHSA-2021:2931)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2931 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

7.5CVSS7.2AI score0.23132EPSS
Exploits3References12
Tenable Nessus
Tenable Nessus
added 2021/07/28 12:0 a.m.60 views

RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2021:2932)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2932 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

7.5CVSS7.2AI score0.23132EPSS
Exploits3References12
OSV
OSV
added 2021/06/08 11:11 p.m.2 views

GHSA-PX4H-XG32-Q955 ReDoS in normalize-url

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...

7.5CVSS7.1AI score0.01705EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2021/06/08 11:11 p.m.3 views

@dylanlindgren/storybook-addon-sn-next-ui (>=0.1.0 <=1.0.0), @github1/ajax-service (>=0.4.0-next.0 <=0.4.44) +48 more potentially affected by CVE-2021-33502 via normalize-url (>=4.3.0 <=4.5.0)

normalize-url NPM version =4.3.0, =0.1.0, =0.4.0-next.0, =0.4.39-next.0, =5.1.0, =5.7.5 - @plaa/metascraper =5.4.0 - @plaa/metascraper-amazon =5.4.0 - @plaa/metascraper-audio =5.4.0 - @plaa/metascraper-author =5.4.0 - @plaa/metascraper-date =5.4.0 - @plaa/metascraper-description =5.4.0 -...

7.5CVSS7.1AI score0.01705EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/06/08 11:11 p.m.6 views

@pixelastic/videogames-helper (>=0.2.2 <=0.2.3), aberlaas (>=1.21.0 <=1.23.0) +6 more potentially affected by CVE-2021-33502 via normalize-url (=6.0.0)

normalize-url NPM version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on normalize-url and may be impacted: - @pixelastic/videogames-helper =0.2.2, =1.21.0, =2.13.0, =2.3.0, =4.0.0, =5.0.0 - pietro =0.6.1 Source cves: CVE-2021-33502 Source...

7.5CVSS7.1AI score0.01705EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/06/08 11:11 p.m.6 views

@cumulus/api-client (=1.19.0), @github1/ajax-service (>=0.4.0 <=0.4.55) +55 more potentially affected by CVE-2021-33502 via normalize-url (>=5.0.0 <=5.3.0)

normalize-url NPM version =5.0.0, =0.4.0, =1.0.1, =0.8.0, =0.8.0, =0.8.0, =0.8.0, =0.8.0, =0.8.0, =1.0.1, =0.8.7, =0.8.0, =0.8.0, =1.0.1, =0.8.0, =0.8.97 and more Source cves: CVE-2021-33502 Source advisory: OSV:GHSA-PX4H-XG32-Q955...

7.5CVSS7.1AI score0.01705EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2021/05/25 2:57 p.m.51 views

CVE-2021-33502

A flaw was found in normalize-url. Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data...

7.5CVSS3.2AI score0.01705EPSS
Exploits0References4
Veracode
Veracode
added 2021/05/25 7:10 a.m.34 views

Regular Expression Denial Of Service (ReDoS)

normalize-url is vulnerable to regular expression denial of service. The usage of an insecure regex allows an attacker to cause a denial of service condition via a malicious URL string...

7.5CVSS4.1AI score0.01705EPSS
Exploits0References2Affected Software10
OSV
OSV
added 2021/05/24 4:15 p.m.9 views

CVE-2021-33502

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...

7.5CVSS8.3AI score
Exploits0References2
OSV
OSV
added 2021/05/24 4:15 p.m.9 views

AZL-44850 CVE-2021-33502 affecting package nodejs-nodemon 2.0.3-5

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...

7.5CVSS7.2AI score0.01705EPSS
Exploits0References1
NVD
NVD
added 2021/05/24 4:15 p.m.20 views

CVE-2021-33502

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...

7.5CVSS0.01705EPSS
Exploits0References2
OSV
OSV
added 2021/05/24 4:15 p.m.1 views

DEBIAN-CVE-2021-33502

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...

7.5CVSS8.1AI score0.01705EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2021/05/24 4:15 p.m.373 views

CVE-2021-33502

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...

7.5CVSS7.1AI score0.01705EPSS
Exploits0References2
OSV
OSV
added 2021/05/24 4:15 p.m.4 views

UBUNTU-CVE-2021-33502

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...

7.5CVSS7.2AI score0.01705EPSS
Exploits0References3
Prion
Prion
added 2021/05/24 4:15 p.m.27 views

Denial of service

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...

5CVSS8.3AI score0.01705EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/05/24 3:42 p.m.390 views

CVE-2021-33502

CVE-2021-33502 affects the normalize-url package for Node.js. Concrete details show a ReDoS issue where data URLs trigger exponential backtracking, impacting versions: 4.x up to 4.5.1, 5.x up to 5.3.1, and 6.x up to 6.0.1. The vulnerability arises from an exponential-backoff/regex pattern in hand...

7.5CVSS8.3AI score0.01705EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2021/05/24 3:42 p.m.29 views

CVE-2021-33502

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...

7.5CVSS8.7AI score0.01705EPSS
Exploits0
CNNVD
CNNVD
added 2021/05/24 12:0 a.m.2 views

normalize-url 安全漏洞

normalize-url is an open source npm package . Used to display, store , deduplication, sorting, comparing URLs. normalize-url package versions before 4.5.1 , 5.3.1 before version 5.x , 6.0.1 before 6.x has a security vulnerability , the vulnerability stems from a ReDoS Regular Expression Denial of...

7.5CVSS7.9AI score0.01705EPSS
Exploits0References23
Rows per page
Query Builder