CVE-2021-23362

CVSS v3.1 5.3 (Medium)
CVSS v2.0 5 (Medium)
EPSS 0.32 % (71st)
Affected Products 2
Advisories 28

The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.

Weaknesses: CWE-NVD-Other
CVE Status: PUBLISHED
CNA: Snyk
Published Date: 2021-03-23 17:15:14 (3 years ago)
Updated Date: 2022-04-08 13:31:42 (2 years ago)

Affected Products


Configuration #1

    Product                                                            CPE23                             From       Up To
    Npmjs Hosted-git-info from 2.0.0 version and prior 2.8.9 version   cpe:2.3:a:npmjs:hosted-git-info   >= 2.0.0   < 2.8.9
    Npmjs Hosted-git-info from 3.0.0 version and prior 3.0.8 version   cpe:2.3:a:npmjs:hosted-git-info   >= 3.0.0   < 3.0.8

Configuration #2

    Product                                                               CPE23                                                      From   Up To
    Siemens Sinec Infrastructure Network Services prior 1.0.1.1 version   cpe:2.3:a:siemens:sinec_infrastructure_network_services   -      < 1.0.1.1