CVE-2021-33587
https://notcve.org/view.php?id=CVE-2021-33587
The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has linear time complexity relative to the size of the input.
References:
https://github.com/fb55/css-what/releases/tag/v5.0.1
https://lists.debian.org/debian-lts-announce/2023/03/msg00001.html
https://security.netapp.com/advisory/ntap-20210706-0007
CVE-2021-33623 – nodejs-trim-newlines: ReDoS in .end() method
https://notcve.org/view.php?id=CVE-2021-33623
The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method. A flaw was found in nodejs-trim-newlines. Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
References:
https://github.com/sindresorhus/trim-newlines/releases/tag/v4.0.1
https://lists.debian.org/debian-lts-announce/2022/12/msg00033.html
https://security.netapp.com/advisory/ntap-20210702-0007
https://www.npmjs.com/package/trim-newlines
https://access.redhat.com/security/cve/CVE-2021-33623
https://bugzilla.redhat.com/show_bug.cgi?id=1966615
Weakness: CWE-400: Uncontrolled Resource Consumption
CVE-2021-32640 – ReDoS in Sec-Websocket-Protocol header
https://notcve.org/view.php?id=CVE-2021-32640
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the `--max-http-header-size=size` CLI option (https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the `maxHeaderSize` option of http.createServer (https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener).
References:
https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
https://lists.apache.org/thread.html/rdfa7b6253c4d6271e31566ecd5f30b7ce1b8fb2c89d52b8c4e0f4e30%40%3Ccommits.tinkerpop.apache.org%3E
https://security.netapp.com/advisory/ntap-20210706-0005
Weakness: CWE-400: Uncontrolled Resource Consumption
CVE-2021-23383 – Prototype Pollution
https://notcve.org/view.php?id=CVE-2021-23383
The package handlebars before 4.7.7 is vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. A flaw was found in nodejs-handlebars. An unescaped value in the JavaScriptCompiler.prototype.depthedLookup function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the JavaScript system (e.g. browser or server) when the template is compiled with the compat:true option. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References:
https://github.com/dn9uy3n/Check-CVE-2021-23383
https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
https://security.netapp.com/advisory/ntap-20210618-0007
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029
https://access.redhat.com/security/cve/CVE-2021-23383
https://bugzilla.redhat.com/show_bug.cgi&
Weaknesses: CWE-94: Improper Control of Generation of Code ('Code Injection'); CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-28164 – Jetty 9.4.37.v20210219 - Information Disclosure
https://notcve.org/view.php?id=CVE-2021-28164
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example, a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
References:
https://www.exploit-db.com/exploits/50438
http://packetstormsecurity.com/files/164590/Jetty-9.4.37.v20210219-Information-Disclosure.html
https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5
https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%
Weaknesses: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-551: Incorrect Behavior Order: Authorization Before Parsing and Canonicalization