cvelist, GitHub_M, CVELIST:CVE-2021-29469
Apr 23, 2021 - 6:10 p.m.

CVE-2021-29469 Potential exponential regex in monitor mode

2021-04-23 18:10:15
CWE-400
GitHub_M
www.cve.org

CVSS3: 5.3 Medium

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.5 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 55.4%)

Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex used to detect monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3.1.1.

CNA Affected

[
  {
    "product": "node-redis",
    "vendor": "NodeRedis",
    "versions": [
      {
        "status": "affected",
        "version": "< 3.1.1"
      }
    ]
  }
]
