CVE-2021-3749
Inefficient Regular Expression Complexity in axios/axios
- Severity Score: 7.5 (CVSS v3.1)
- Exploit Likelihood (EPSS):
- Affected Versions (CPE):
- Public Exploits: 1 (multiple sources)
- Exploited in Wild (KEV): -
- Decision (SSVC): -
Descriptions
axios is vulnerable to Inefficient Regular Expression Complexity
A Regular Expression Denial of Service (ReDoS) vulnerability was found in the Node.js axios package. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resource consumption and, as a consequence, lead to denial of service. The highest threat from this vulnerability is to system availability.
Credits: N/A
Timeline
- 2021-08-30 CVE Reserved
- 2021-08-31 CVE Published
- 2024-05-16 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-1333: Inefficient Regular Expression Complexity
CAPEC
References (16)
URL | Date | SRC
---|---|---
https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31 | 2024-08-03 |
https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929 | 2023-11-07 |
https://access.redhat.com/security/cve/CVE-2021-3749 | 2022-04-07 |
https://bugzilla.redhat.com/show_bug.cgi?id=1999784 | 2022-04-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Axios | Axios | <= 0.21.1 | node.js | Affected
Siemens | Sinec Ins | < 1.0 | - | Affected
Siemens | Sinec Ins | 1.0 | - | Affected
Siemens | Sinec Ins | 1.0 | sp1 | Affected
Oracle | Goldengate | >= 21.1 < 21.7.0.0.0 | - | Affected