38 matches found
RHEL 7 : rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon (RHSA-2021:2931)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2931 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2021:2932)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2932 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
GHSA-PX4H-XG32-Q955 ReDoS in normalize-url
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...
@dylanlindgren/storybook-addon-sn-next-ui (>=0.1.0 <=1.0.0), @github1/ajax-service (>=0.4.0-next.0 <=0.4.44) +48 more potentially affected by CVE-2021-33502 via normalize-url (>=4.3.0 <=4.5.0)
normalize-url NPM version =4.3.0, =0.1.0, =0.4.0-next.0, =0.4.39-next.0, =5.1.0, =5.7.5 - @plaa/metascraper =5.4.0 - @plaa/metascraper-amazon =5.4.0 - @plaa/metascraper-audio =5.4.0 - @plaa/metascraper-author =5.4.0 - @plaa/metascraper-date =5.4.0 - @plaa/metascraper-description =5.4.0 -...
@pixelastic/videogames-helper (>=0.2.2 <=0.2.3), aberlaas (>=1.21.0 <=1.23.0) +6 more potentially affected by CVE-2021-33502 via normalize-url (=6.0.0)
normalize-url NPM version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on normalize-url and may be impacted: - @pixelastic/videogames-helper =0.2.2, =1.21.0, =2.13.0, =2.3.0, =4.0.0, =5.0.0 - pietro =0.6.1 Source cves: CVE-2021-33502 Source...
@cumulus/api-client (=1.19.0), @github1/ajax-service (>=0.4.0 <=0.4.55) +55 more potentially affected by CVE-2021-33502 via normalize-url (>=5.0.0 <=5.3.0)
normalize-url NPM version =5.0.0, =0.4.0, =1.0.1, =0.8.0, =0.8.0, =0.8.0, =0.8.0, =0.8.0, =0.8.0, =1.0.1, =0.8.7, =0.8.0, =0.8.0, =1.0.1, =0.8.0, =0.8.97 and more Source cves: CVE-2021-33502 Source advisory: OSV:GHSA-PX4H-XG32-Q955...
CVE-2021-33502
A flaw was found in normalize-url. Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data...
Regular Expression Denial Of Service (ReDoS)
normalize-url is vulnerable to regular expression denial of service. The usage of an insecure regex allows an attacker to cause a denial of service condition via a malicious URL string...
CVE-2021-33502
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...
AZL-44850 CVE-2021-33502 affecting package nodejs-nodemon 2.0.3-5
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...
CVE-2021-33502
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...
DEBIAN-CVE-2021-33502
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...
CVE-2021-33502
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...
UBUNTU-CVE-2021-33502
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...
Denial of service
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...
CVE-2021-33502
CVE-2021-33502 affects the normalize-url package for Node.js. Concrete details show a ReDoS issue where data URLs trigger exponential backtracking, impacting versions: 4.x up to 4.5.1, 5.x up to 5.3.1, and 6.x up to 6.0.1. The vulnerability arises from an exponential-backoff/regex pattern in hand...
CVE-2021-33502
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs...
normalize-url 安全漏洞
normalize-url is an open source npm package . Used to display, store , deduplication, sorting, comparing URLs. normalize-url package versions before 4.5.1 , 5.3.1 before version 5.x , 6.0.1 before 6.x has a security vulnerability , the vulnerability stems from a ReDoS Regular Expression Denial of...