CVE-2021-33502 – nodejs-normalize-url: ReDoS for data URLs

https://notcve.org/view.php?id=CVE-2021-33502

24 May 2021 — The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs. El paquete normalize-url versiones anteriores a 4.5.1, versiones 5.x anteriores a 5.3.1 y versiones 6.x anteriores a 6.0.1 para Node.js, presenta un problema de ReDoS (denegación de servicio de expresión regular) porque presenta un rendimiento exponencial para los datos: URL A flaw was found in normalize-url... • https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •