CVE-2021-3801
Inefficient Regular Expression Complexity in prismjs/prism
Public Exploits: 1
Exploited in Wild: -
Descriptions
prism is vulnerable to Inefficient Regular Expression Complexity
Inefficient Regular Expression Complexity in prismjs leads to a Regular Expression Denial of Service (ReDoS) attack. An unauthenticated attacker can exploit this flaw to cause an application to consume an excessive amount of CPU by providing a crafted HTML comment as input. This can result in a denial of service attack.
The release of RHACS 3.67 provides the following new features, bug fixes, security patches and system changes:
- OpenShift Dedicated support: RHACS 3.67 is thoroughly tested and supported on OpenShift Dedicated on Amazon Web Services and Google Cloud Platform.
- Use OpenShift OAuth server as an identity provider: If you are using RHACS with OpenShift, you can now configure the built-in OpenShift OAuth server as an identity provider for RHACS.
Issues addressed include denial of service, information leakage, memory exhaustion, remote shell upload, and traversal vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-09-14 CVE Reserved
- 2021-09-15 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2025-04-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-1333: Inefficient Regular Expression Complexity
CAPEC
References (4)
URL | Date | SRC |
---|---|---|
https://huntr.dev/bounties/8c16ab31-6eb6-46d1-b9a4-387222fe1b8a | 2024-08-03 | |
https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9 | 2022-07-29 | |
https://access.redhat.com/security/cve/CVE-2021-3801 | 2021-12-01 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2005445 | 2021-12-01 | |