The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.

References

github.com/sindresorhus/normalize-url/releases/tag/v6.0.1

security.netapp.com/advisory/ntap-20210706-0001/

ibm 15

redhatcve 1

debiancve 1

osv 7

cve 1

ubuntucve 1

nessus 22

prion 1

veracode 1

nodejs 1

nvd 1

github 1

redhat 8

rocky 3

oraclelinux 3

almalinux 3

ibm

Security Bulletin: Open Source Dependency Vulnerability

2023-05-15 18:59:14

Security Bulletin: IBM App Connect Enterprise Certified Container may be affected by a ReDoS flaw when processing URLs (CVE-2021-33502)

2021-07-30 04:30:32

Security Bulletin: IBM Cloud Transformation Advisor is affected by Node.js vulnerability

2021-06-23 13:21:49

redhatcve

CVE-2021-33502

2021-05-25 14:57:29

debiancve

CVE-2021-33502

2021-05-24 16:15:08

osv

ReDoS in normalize-url

2021-06-08 23:11:43

Moderate: nodejs:16 security, bug fix, and enhancement update

2021-12-15 19:09:29

Moderate: nodejs:16 security, bug fix, and enhancement update

2021-12-15 19:09:29

cve

CVE-2021-33502

2021-05-24 16:15:08

ubuntucve

CVE-2021-33502

2021-05-24 00:00:00

nessus

RHEL 8 : 12_nodejs-nodemon (Unpatched Vulnerability)

2024-06-03 00:00:00

RHEL 8 : nodejs-normalize-url (Unpatched Vulnerability)

2024-05-11 00:00:00

CentOS 9 : nodejs-nodemon-2.0.19-1.el9

2024-02-29 00:00:00

prion

Denial of service

2021-05-24 16:15:00

veracode

Regular Expression Denial Of Service (ReDoS)

2021-05-25 07:10:20

nodejs

Regular Expression Denial of Service

2021-06-08 23:12:07

nvd

CVE-2021-33502

2021-05-24 16:15:08

github

ReDoS in normalize-url

2021-06-08 23:11:43

redhat

(RHSA-2021:2931) Moderate: rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon security update

2021-07-28 07:39:24

(RHSA-2021:2932) Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update

2021-07-28 07:39:31

(RHSA-2022:4711) Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update

2022-05-26 16:04:07

rocky

nodejs:16 security, bug fix, and enhancement update

2021-12-15 19:09:29

nodejs:14 security, bug fix, and enhancement update

2022-02-01 20:08:39

nodejs and nodejs-nodemon security and bug fix update

2022-09-20 11:37:49

oraclelinux

nodejs:16 security, bug fix, and enhancement update

2021-12-16 00:00:00

nodejs:14 security, bug fix, and enhancement update

2022-02-02 00:00:00

nodejs and nodejs-nodemon security and bug fix update

2022-09-22 00:00:00

almalinux

Moderate: nodejs:16 security, bug fix, and enhancement update

2021-12-15 19:09:29

Moderate: nodejs:14 security, bug fix, and enhancement update

2022-02-01 20:08:39

Moderate: nodejs and nodejs-nodemon security and bug fix update

2022-09-20 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.3%

JSON

Related for CVELIST:CVE-2021-33502