CVE-2021-23362
Regular Expression Denial of Service (ReDoS)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 2
Exploited in Wild: -
Decision
Descriptions
The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
A regular expression denial of service vulnerability was found in hosted-git-info. If an application passes user-controlled input to the affected function, `fromUrl` (which applies the `shortcutMatch` regular expression), an attacker could supply a crafted input string whose matching time grows polynomially with its length, potentially resulting in a denial of service.
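The two descriptions above say the same thing from different angles: an application that feeds attacker-controlled strings into `fromUrl` lets the attacker choose an input whose match against `shortcutMatch` backtracks polynomially. The Node.js code below is an added example, not code from this page or from the hosted-git-info project. It checks an installed version against the affected ranges listed on this page (fixed at 2.8.9 on the 2.x line and 3.0.8 on the 3.x line), shows a constructed regular expression of the same weakness class (two adjacent quantified pieces that can consume the same characters, so a non-matching input forces the engine to retry every split point) so that the growth can be observed, and puts beside it a linear-time parser with an input-length bound. The pattern `POLYNOMIAL_SHORTCUT`, the `MAX_SHORTCUT_LENGTH` bound and the `type:user/project` grammar accepted by `parseShortcut` are assumptions for illustration, not hosted-git-info's actual regex, API or limits.

```javascript
// Added example: not hosted-git-info's code. Names, bounds and the regex below
// are constructed for illustration of CVE-2021-23362's bug class.

// (1) Version check against the affected ranges on this page:
//     >= 2.0.0 < 2.8.9 and >= 3.0.0 < 3.0.8.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`not a plain x.y.z version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

const AFFECTED_RANGES = [
  { min: [2, 0, 0], fixed: [2, 8, 9] },
  { min: [3, 0, 0], fixed: [3, 0, 8] },
];

function isAffected(version) {
  const v = parseVersion(version);
  return AFFECTED_RANGES.some((r) => cmp(v, r.min) >= 0 && cmp(v, r.fixed) < 0);
}

// (2) Constructed pattern with the weakness class the advisory describes.
//     "[^/]*" and ".+" can both consume the same characters; when the overall
//     match fails, the engine retries every split point between them, so the
//     work is O(n^2) in the input length. This is NOT hosted-git-info's regex.
const POLYNOMIAL_SHORTCUT = /^([^:]+):([^/]*)\/?(.+)$/;

// Constructed attacker input: "type:" followed by n filler characters and a
// trailing newline. "." cannot consume the newline, so the match always fails
// and every backtracking path is explored.
function slowInput(n) {
  return "gh:" + "a".repeat(n) + "\n";
}

// Milliseconds the regex spends on slowInput(n); grows roughly 4x per doubling.
function regexCostMs(n) {
  const s = slowInput(n);
  const t0 = performance.now();
  POLYNOMIAL_SHORTCUT.test(s);
  return performance.now() - t0;
}

// (3) Linear-time replacement: split on the first ":" and "/" with indexOf
//     instead of overlapping quantifiers, and reject oversized input before
//     doing any work. The grammar is deliberately tightened to
//     "type:user/project" with non-empty parts and no CR/LF anywhere.
const MAX_SHORTCUT_LENGTH = 2048; // assumed policy bound, not from the advisory

function parseShortcut(str) {
  if (typeof str !== "string" || str.length > MAX_SHORTCUT_LENGTH) return null;
  if (/[\r\n]/.test(str)) return null;
  const colon = str.indexOf(":");
  if (colon <= 0) return null;
  const type = str.slice(0, colon);
  const rest = str.slice(colon + 1);
  const slash = rest.indexOf("/");
  if (slash === -1) return null;
  const user = rest.slice(0, slash);
  const project = rest.slice(slash + 1);
  if (!user || !project) return null;
  return { type, user, project };
}

if (typeof require !== "undefined" && require.main === module) {
  for (const v of ["2.8.8", "2.8.9", "3.0.7", "3.0.8"]) {
    console.log(`hosted-git-info ${v}: ${isAffected(v) ? "AFFECTED" : "fixed"}`);
  }
  for (const n of [1000, 2000, 4000]) {
    console.log(`regex, n=${n}: ${regexCostMs(n).toFixed(1)} ms`);
  }
  console.log("parser, oversized input:", parseShortcut(slowInput(100000)));
  console.log("parser, well-formed input:", parseShortcut("github:npm/hosted-git-info"));
}

module.exports = { isAffected, POLYNOMIAL_SHORTCUT, slowInput, regexCostMs, parseShortcut };
```

Running the file with `node` prints the version verdicts, then the regex cost for n = 1000, 2000 and 4000, which grows by roughly a factor of four per doubling, the signature of quadratic backtracking; `parseShortcut` returns `null` for the same inputs immediately because the length bound is checked before any parsing. In a real application the two mitigations go together: upgrade to a fixed version, and bound the length of anything user-controlled that reaches a URL parser.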
CVSS Scores
SSVC
- Decision: -
Timeline
- 2021-01-08 CVE Reserved
- 2021-03-23 CVE Published
- 2023-12-07 EPSS Updated
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-1333: Inefficient Regular Expression Complexity
CAPEC
References (9)
URL | Date | Source
---|---|---
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088356 | 2024-09-17 |
https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355 | 2024-09-17 |
https://access.redhat.com/security/cve/CVE-2021-23362 | 2021-09-22 |
https://bugzilla.redhat.com/show_bug.cgi?id=1943208 | 2021-09-22 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Npmjs | Hosted-git-info | >= 2.0.0 < 2.8.9 | - | Affected
Npmjs | Hosted-git-info | >= 3.0.0 < 3.0.8 | - | Affected
Siemens | Sinec Infrastructure Network Services | < 1.0.1.1 | - | Affected