CVE-2021-23364

Опубликовано: 28 апр. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.

Ссылки

https://github.com/browserslist/browserslist/blob/e82f32d1d4100d6bc79ea0b6b6a2d281a561e33c/index.js%23L472-L474
Broken Link
https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98
Patch
Third Party Advisory
https://github.com/browserslist/browserslist/pull/593
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1277182
Exploit
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194
Exploit
Patch
Third Party Advisory
https://github.com/browserslist/browserslist/blob/e82f32d1d4100d6bc79ea0b6b6a2d281a561e33c/index.js%23L472-L474
Broken Link
https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98
Patch
Third Party Advisory
https://github.com/browserslist/browserslist/pull/593
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1277182
Exploit
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:browserslist_project:browserslist:*:*:*:*:*:node.js:*:*

Версия от 4.0.0 (включая) до 4.16.5 (исключая)

EPSS

Процентиль: 59%

0.00385

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-1333

Связанные уязвимости

CVE-2021-23364

CVSS3: 5.3

ubuntu

почти 5 лет назад

The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.

CVE-2021-23364

CVSS3: 5.3

redhat

почти 5 лет назад

The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.

CVE-2021-23364

CVSS3: 5.3

debian

почти 5 лет назад

The package browserslist from 4.0.0 and before 4.16.5 are vulnerable t ...

GHSA-w8qv-6jwh-64r5

CVSS3: 5.3

github

больше 4 лет назад

Regular Expression Denial of Service in browserslist

EPSS

Процентиль: 59%

0.00385

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-1333