[NPM:GHSA-43F8-2H32-F4CJ] Regular Expression Denial of Service in hosted-git-info

Severity Moderate
Affected Packages 2
Fixed Packages 2
CVEs 1

Versions of the npm package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.

| Package | Affected Version |
| --- | --- |
| pkg:npm/hosted-git-info | < 2.8.9 |
| pkg:npm/hosted-git-info | >= 3.0.0, < 3.0.8 |

| Package | Fixed Version |
| --- | --- |
| pkg:npm/hosted-git-info | = 2.8.9 |
| pkg:npm/hosted-git-info | = 3.0.8 |

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Affected | pkg:npm/hosted-git-info | | hosted-git-info | < 2.8.9 | | | |
| Fixed | pkg:npm/hosted-git-info | | hosted-git-info | = 2.8.9 | | | |
| Affected | pkg:npm/hosted-git-info | | hosted-git-info | >= 3.0.0 < 3.0.8 | | | |
| Fixed | pkg:npm/hosted-git-info | | hosted-git-info | = 3.0.8 | | | |
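
A lockfile check for the affected ranges listed above, as an added example that is not part of the advisory or of the hosted-git-info project. The sample lockfile and the packages `dep-a` and `dep-b` are constructed, and ordering pre-release versions by semver precedence is an assumption the advisory does not address.

```javascript
const PKG = 'hosted-git-info';

// Parse "major.minor.patch[-prerelease][+build]"; null for anything else.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  return m ? { parts: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) } : null;
}

// Semver ordering against a plain release triple (assumption: a pre-release sorts before its release).
function lessThan(v, release) {
  for (let i = 0; i < 3; i++) if (v.parts[i] !== release[i]) return v.parts[i] < release[i];
  return v.pre;
}

// Advisory ranges: < 2.8.9, or >= 3.0.0 and < 3.0.8.
// Returns true (affected), false (not affected) or null (not a plain version, review by hand).
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null;
  return lessThan(v, [2, 8, 9]) || (!lessThan(v, [3, 0, 0]) && lessThan(v, [3, 0, 8]));
}

// Walk a parsed package-lock.json: "packages" (lockfile v2/v3) or nested "dependencies" (v1).
function findAffected(lock) {
  const hits = [];
  const check = (where, version) => {
    const verdict = isAffected(version);
    if (verdict !== false) hits.push({ where, version, status: verdict ? 'affected' : 'review' });
  };
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      if (name === PKG) check(prefix + name, entry.version);
      walk(entry.dependencies, prefix + name + ' > ');
    }
  };
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path.split('node_modules/').pop() === PKG) check(path, entry.version);
    }
  } else walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (dep-a and dep-b are hypothetical packages).
const sampleLock = { lockfileVersion: 3, packages: {
  'node_modules/hosted-git-info': { version: '4.0.2' },
  'node_modules/dep-a/node_modules/hosted-git-info': { version: '2.8.8' },
  'node_modules/dep-b/node_modules/hosted-git-info': { version: '3.0.7' },
} };
console.log(findAffected(sampleLock));
```

Nested copies matter here: a patched top-level install can coexist with an affected copy pinned under another dependency's `node_modules`.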