[NPM:GHSA-43F8-2H32-F4CJ] Regular Expression Denial of Service in hosted-git-info
Severity: Moderate
Affected Packages: 2
Fixed Packages: 2
CVEs: 1
Versions of the npm package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
Package | Affected Version |
---|---|
pkg:npm/hosted-git-info | < 2.8.9 |
pkg:npm/hosted-git-info | >= 3.0.0, < 3.0.8 |
Package | Fixed Version |
---|---|
pkg:npm/hosted-git-info | = 2.8.9 |
pkg:npm/hosted-git-info | = 3.0.8 |
- ID: NPM:GHSA-43F8-2H32-F4CJ
- Severity: moderate
- URL: https://github.com/advisories/GHSA-43f8-2h32-f4cj
- Published: 2021-05-06T16:10:39
- Modified: 2023-02-01T05:05:20
- Rights: NPM Security Team
- Other Advisories:
- ALSA-2021:3073
- ALSA-2021:3074
- ASA-202107-13
- ELSA-2021-3073
- ELSA-2021-3074
- FREEBSD:C174118E-1B11-11EC-9D9D-0022489AD614
- openSUSE-SU-2021:1059-1
- openSUSE-SU-2021:1060-1
- openSUSE-SU-2021:1061-1
- openSUSE-SU-2021:1113-1
- openSUSE-SU-2021:2327-1
- openSUSE-SU-2021:2353-1
- openSUSE-SU-2021:2354-1
- openSUSE-SU-2021:2618-1
- RHSA-2021:3073
- RHSA-2021:3074
- RLSA-2021:3073
- RLSA-2021:3074
- SUSE-SU-2021:2319-1
- SUSE-SU-2021:2323-1
- SUSE-SU-2021:2326-1
- SUSE-SU-2021:2327-1
- SUSE-SU-2021:2353-1
- SUSE-SU-2021:2354-1
- SUSE-SU-2021:2618-1
- SUSE-SU-2021:2620-1
- USN-5216-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:npm/hosted-git-info | | hosted-git-info | < 2.8.9 | | | |
Fixed | pkg:npm/hosted-git-info | | hosted-git-info | = 2.8.9 | | | |
Affected | pkg:npm/hosted-git-info | | hosted-git-info | >= 3.0.0 < 3.0.8 | | | |
Fixed | pkg:npm/hosted-git-info | | hosted-git-info | = 3.0.8 | | | |