Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-33502

Опубликовано: 21 мая 2021
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.

A flaw was found in normalize-url. Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Service Mesh 2.0servicemesh-grafanaNot affected
OpenShift Service Mesh 2.0servicemesh-prometheusNot affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/application-ui-rhel8Not affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/console-header-rhel8Not affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/console-rhel8Not affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/console-ui-rhel8Not affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/grc-ui-api-rhel8Not affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/grc-ui-rhel8Not affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/kui-web-terminal-rhel8Not affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/mcm-topology-api-rhel8Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1964461nodejs-normalize-url: ReDoS for data URLs

EPSS

Процентиль: 56%
0.00334
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-33502

CVSS3: 7.5
ubuntu
около 4 лет назад

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.

nvd логотип

CVE-2021-33502

CVSS3: 7.5
nvd
около 4 лет назад

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.

debian логотип

CVE-2021-33502

CVSS3: 7.5
debian
около 4 лет назад

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x befo ...

github логотип

GHSA-px4h-xg32-q955

CVSS3: 7.5
github
около 4 лет назад

ReDoS in normalize-url

fstec логотип

BDU:2021-04609

CVSS3: 7.5
fstec
около 4 лет назад

Уязвимость библиотек для Node.js Got и Normalize-url, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 56%
0.00334
Низкий

7.5 High

CVSS3