Lucene search
GoogleOSV:GHSA-HJ48-42VR-X3V9HistoryAug 10, 2021 - 3:33 p.m.
Regular Expression Denial of Service in path-parse
2021-08-1015:33:47
Google
osv.dev
31
npm package
redos
splitdevicere
splittailre
splitpathre
worst-case time complexity
EPSS
0.003
Percentile
68.6%
Affected versions of npm package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
References
github.com/jbgutierrez/path-parse
github.com/jbgutierrez/path-parse/commit/eca63a7b9a473bf6978a2f5b7b3343662d1506f7
github.com/jbgutierrez/path-parse/issues/8
github.com/jbgutierrez/path-parse/pull/10
lists.apache.org/thread.html/r6a32cb3eda3b19096ad48ef1e7aa8f26e005f2f63765abb69ce08b85@%3Cdev.myfaces.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2021-23343
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279028
snyk.io/vuln/SNYK-JS-PATHPARSE-1077067
Related
redhatcve
redhatcve
CVE-2021-23343
2021-05-04 14:31:14
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-05-05 05:46:25
nvd
nvd
CVE-2021-23343
2021-05-04 09:15:07
ibm
ibm
osv
osv
CVE-2021-23343
2021-05-04 09:15:07
Important: nodejs:14 security and bug fix update
2021-09-27 06:47:35
Important: nodejs:14 security and bug fix update
2021-09-27 06:47:35
github
github
Regular Expression Denial of Service in path-parse
2021-08-10 15:33:47
cve
cve
CVE-2021-23343
2021-05-04 09:15:07
cvelist
cvelist
CVE-2021-23343 Regular Expression Denial of Service (ReDoS)
2021-05-04 08:25:17
nessus
nessus
RHEL 8 : nodejs-path-parse (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 8 : RHV Manager (ovirt-engine) security update [ovirt-4.4.7] (Moderate) (RHSA-2021:2865)
2021-07-22 00:00:00
SUSE SLES12 Security Update : nodejs14 (SUSE-SU-2022:0569-1)
2022-02-25 00:00:00
nodejs
nodejs
Regular Expression Denial of Service in path-parse
2021-08-10 15:59:47
prion
prion
Code injection
2021-05-04 09:15:00
redhat
redhat
(RHSA-2021:2865) Moderate: RHV Manager (ovirt-engine) security update [ovirt-4.4.7]
2021-07-22 14:06:26
(RHSA-2021:3623) Important: nodejs:12 security and bug fix update
2021-09-21 12:33:58
(RHSA-2021:3666) Important: nodejs:14 security and bug fix update
2021-09-27 06:47:35
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:0563-1)
2022-02-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0569-1)
2022-02-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:0657-1)
2022-03-02 00:00:00
suse
suse
Security update for nodejs12 (important)
2022-03-02 00:00:00
Security update for nodejs8 (important)
2022-03-04 00:00:00
Security update for nodejs14 (important)
2022-03-04 00:00:00
rocky
rocky
nodejs:14 security and bug fix update
2021-09-27 06:47:35
nodejs:12 security and bug fix update
2021-09-21 12:33:58
almalinux
almalinux
Important: nodejs:12 security and bug fix update
2021-09-21 12:33:58
Important: nodejs:14 security and bug fix update
2021-09-27 06:47:35
oraclelinux
oraclelinux
nodejs:12 security and bug fix update
2021-09-22 00:00:00
nodejs:14 security and bug fix update
2021-09-27 00:00:00