exploitDog

CVE-2021-23388

Опубликовано: 01 июн. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation.

Ссылки

https://github.com/caolan/forms/pull/214
Third Party Advisory
https://github.com/caolan/forms/pull/214/commits/d4bd5b5febfe49c1f585f162e04ec810f8dc47a0
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-FORMS-1296389
Patch
Third Party Advisory
https://github.com/caolan/forms/pull/214
Third Party Advisory
https://github.com/caolan/forms/pull/214/commits/d4bd5b5febfe49c1f585f162e04ec810f8dc47a0
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-FORMS-1296389
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:forms_project:forms:*:*:*:*:*:node.js:*:*

Версия до 1.2.1 (исключая)

cpe:2.3:a:forms_project:forms:*:*:*:*:*:node.js:*:*

Версия от 1.3.0 (включая) до 1.3.2 (исключая)

EPSS

Процентиль: 58%

0.00372

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-c56f-grv3-gpfr

CVSS3: 5.3

github

больше 4 лет назад

Regular expression denial of service in forms

EPSS

Процентиль: 58%

0.00372

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo