Lucene search
PRIOn knowledge basePRION:CVE-2021-23362HistoryMar 23, 2021 - 5:15 p.m.
Design/Logic Flaw
2021-03-2317:15:00
PRIOn knowledge base
www.prio-n.com
8
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
| CPE | Name | Operator | Version |
|---|---|---|---|
| hosted-git-info | ge | 2.0.0 | |
| hosted-git-info | lt | 2.8.9 | |
| hosted-git-info | ge | 3.0.0 | |
| hosted-git-info | lt | 3.0.8 | |
| sinec_infrastructure_network_services | lt | 1.0.1.1 |
References
cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7
github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01
github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3
github.com/npm/hosted-git-info/commits/v2
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088356
snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355
Related
redhatcve
redhatcve
CVE-2021-23362
2021-03-25 15:23:08
github
github
Regular Expression Denial of Service in hosted-git-info
2021-05-06 16:10:39
cve
cve
CVE-2021-23362
2021-03-23 17:15:14
ubuntucve
ubuntucve
CVE-2021-23362
2021-03-23 00:00:00
nessus
nessus
Ubuntu 18.04 ESM / 20.04 ESM : hosted-git-info vulnerability (USN-5216-1)
2023-10-16 00:00:00
Rocky Linux 8 : nodejs:12 (RLSA-2021:3073)
2022-02-09 00:00:00
Oracle Linux 8 : nodejs:14 (ELSA-2021-3074)
2021-08-11 00:00:00
ibm
ibm
osv
osv
node-hosted-git-info vulnerability
2022-09-02 05:01:08
CVE-2021-23362
2021-03-23 17:15:14
Regular Expression Denial of Service in hosted-git-info
2021-05-06 16:10:39
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2021-03-24 04:03:06
openvas
openvas
Ubuntu: Security Advisory (USN-5216-1)
2023-01-27 00:00:00
Node.js 12.x < 12.22.2, 14.x < 14.17.0 Multiple Vulnerabilities - Mac OS X
2021-07-14 00:00:00
Node.js 12.x < 12.22.2, 14.x < 14.17.0 Multiple Vulnerabilities - Windows
2021-07-14 00:00:00
cvelist
cvelist
CVE-2021-23362 Regular Expression Denial of Service (ReDoS)
2021-03-23 00:00:00
nodejs
nodejs
Regular Expression Denial of Service
2021-05-06 16:15:08
nvd
nvd
CVE-2021-23362
2021-03-23 17:15:14
ubuntu
ubuntu
hosted-git-info vulnerability
2022-09-02 00:00:00
debiancve
debiancve
CVE-2021-23362
2021-03-23 17:15:14
suse
suse
Security update for nodejs8 (important)
2021-08-05 00:00:00
Security update for nodejs8 (important)
2021-08-10 00:00:00
Security update for nodejs14 (important)
2021-07-15 00:00:00
archlinux
archlinux
[ASA-202107-13] nodejs: multiple issues
2021-07-06 00:00:00
[ASA-202107-33] nodejs-lts-erbium: multiple issues
2021-07-20 00:00:00
[ASA-202107-32] nodejs-lts-fermium: multiple issues
2021-07-20 00:00:00
almalinux
almalinux
Moderate: nodejs:14 security, bug fix, and enhancement update
2021-08-10 12:00:51
Moderate: nodejs:12 security, bug fix, and enhancement update
2021-08-10 12:00:47
mageia
mageia
Updated nodejs packages fix security vulnerabilities
2021-07-25 17:45:06
oraclelinux
oraclelinux
nodejs:12 security, bug fix, and enhancement update
2021-08-12 00:00:00
nodejs:14 security, bug fix, and enhancement update
2021-08-12 00:00:00
rocky
rocky
nodejs:12 security, bug fix, and enhancement update
2021-08-10 12:00:47
nodejs:14 security, bug fix, and enhancement update
2021-08-10 12:00:51
redhat
redhat
freebsd
freebsd
Node.js -- July 2021 Security Releases
2021-07-01 00:00:00
nodejsblog
nodejsblog
July 2021 Security Releases
2021-07-01 00:00:00
ics
ics
Siemens SINEC INS
2022-03-10 12:00:00