nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()

A regular expression denial of service vulnerability was found in hosted-git-info. If an application allows user input into the affected regular expression regexp function, shortcutMatch or fromUrl, then an attacker could craft a regexp which takes an ever increasing amount of time to process,...

RHEL 7 : rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2021:2932)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2932 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...

AZL-44058 CVE-2021-23362 affecting package js-jquery 3.5.0-4

The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...