Home

CVE-2021-23343

Description

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.349

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.15Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2Windows
Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0Windows
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.11Windows
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 11.1Windows
(RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpmLinux
(RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-debugsource-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpmLinux
(RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-devel-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpmLinux
(RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-docs-12.22.5-1.module+el8.4.0+12242+af52a4c7.noarch.rpmLinux
(RHSA-2021:3623) nodejs:12 security and bug fix update nodejs-full-i18n-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpmLinux
(RHSA-2021:3623) nodejs:12 security and bug fix update npm-6.14.14-1.12.22.5.1.module+el8.4.0+12242+af52a4c7.x86_64.rpmLinux
Nodejs update (ELSA-2021-3623) nodejs-12.22.5-1.module+el8.4.0+20308+065a70e3.x86_64.rpmLinux
Nodejs-devel update (ELSA-2021-3623) nodejs-devel-12.22.5-1.module+el8.4.0+20308+065a70e3.x86_64.rpmLinux
Nodejs-docs update (ELSA-2021-3623) nodejs-docs-12.22.5-1.module+el8.4.0+20308+065a70e3.noarch.rpmLinux
Nodejs-full-i18n update (ELSA-2021-3623) nodejs-full-i18n-12.22.5-1.module+el8.4.0+20308+065a70e3.x86_64.rpmLinux
Nodejs-nodemon update (ELSA-2021-3623) nodejs-nodemon-2.0.3-1.module+el8.4.0+20281+eb64e322.noarch.rpmLinux
Nodejs-packaging update (ELSA-2021-3623) nodejs-packaging-17-3.module+el8.1.0+5393+aaf413e3.noarch.rpmLinux
Npm update (ELSA-2021-3623) npm-6.14.14-1.12.22.5.1.module+el8.4.0+20308+065a70e3.x86_64.rpmLinux
(RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-14.17.5-1.module+el8.4.0+12247+e2879e58.x86_64.rpmLinux
(RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-debugsource-14.17.5-1.module+el8.4.0+12247+e2879e58.x86_64.rpmLinux
(RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-devel-14.17.5-1.module+el8.4.0+12247+e2879e58.x86_64.rpmLinux
(RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-docs-14.17.5-1.module+el8.4.0+12247+e2879e58.noarch.rpmLinux
(RHSA-2021:3666) nodejs:14 security and bug fix update nodejs-full-i18n-14.17.5-1.module+el8.4.0+12247+e2879e58.x86_64.rpmLinux
(RHSA-2021:3666) nodejs:14 security and bug fix update npm-6.14.14-1.14.17.5.1.module+el8.4.0+12247+e2879e58.x86_64.rpmLinux
Nodejs update (ELSA-2021-3666) nodejs-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpmLinux
Nodejs-devel update (ELSA-2021-3666) nodejs-devel-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpmLinux
Nodejs-docs update (ELSA-2021-3666) nodejs-docs-14.17.5-1.module+el8.4.0+20313+f90c2973.noarch.rpmLinux
Nodejs-full-i18n update (ELSA-2021-3666) nodejs-full-i18n-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpmLinux
Nodejs-nodemon update (ELSA-2021-3666) nodejs-nodemon-2.0.3-1.module+el8.3.0+7818+6cd30d85.noarch.rpmLinux
Nodejs-packaging update (ELSA-2021-3666) nodejs-packaging-23-3.module+el8.3.0+7818+6cd30d85.noarch.rpmLinux
Npm update (ELSA-2021-3666) npm-6.14.14-1.14.17.5.1.module+el8.4.0+20313+f90c2973.x86_64.rpmLinux
nodejs:12 security and bug fix update (RLSA-2021:3623) npm-6.14.14-1.12.22.5.1.module+el8.4.0+647+e905fa21.x86_64.rpmLinux
nodejs:12 security and bug fix update (RLSA-2021:3623) c-ares-1.13.0-6.el8.i686.rpmLinux
nodejs:12 security and bug fix update (RLSA-2021:3623) c-ares-1.13.0-6.el8.x86_64.rpmLinux
nodejs:12 security and bug fix update (RLSA-2021:3623) nodejs-12.22.5-1.module+el8.4.0+647+e905fa21.x86_64.rpmLinux
nodejs:12 security and bug fix update (RLSA-2021:3623) nodejs-docs-12.22.5-1.module+el8.4.0+647+e905fa21.noarch.rpmLinux
nodejs:12 security and bug fix update (RLSA-2021:3623) c-ares-devel-1.13.0-6.el8.i686.rpmLinux
nodejs:12 security and bug fix update (RLSA-2021:3623) c-ares-devel-1.13.0-6.el8.x86_64.rpmLinux
nodejs:12 security and bug fix update (RLSA-2021:3623) nodejs-devel-12.22.5-1.module+el8.4.0+647+e905fa21.x86_64.rpmLinux
nodejs:12 security and bug fix update (RLSA-2021:3623) nodejs-full-i18n-12.22.5-1.module+el8.4.0+647+e905fa21.x86_64.rpmLinux
nodejs:12 security and bug fix update (RLSA-2021:3623) nodejs-packaging-23-3.module+el8.5.0+733+de4fee6c.noarch.rpmLinux
(RHSA-2021:3623)Important: security and bug fix update nodejs-debuginfo-12.22.5-1.module+el8.4.0+12242+af52a4c7.x86_64.rpmLinux
(RHSA-2021:3623)Important: security and bug fix update nodejs-nodemon-2.0.3-1.module+el8.4.0+11732+c668cc9f.noarch.rpmLinux
(RHSA-2021:3623)Important: security and bug fix update nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.noarch.rpmLinux
Important: nodejs:12 security and bug fix update nodejs-packaging-17-3.module_el8.3.0+2023+d2377ea3.noarch.rpmLinux
Important: nodejs:12 security and bug fix update nodejs-packaging-17-3.module_el8.4.0+2521+c668cc9f.noarch.rpmLinux
Important: nodejs:14 security and bug fix update nodejs-nodemon-2.0.3-1.module_el8.4.0+2521+c668cc9f.noarch.rpmLinux
nodejs:12 security and bug fix update (RLSA-2021:3623) nodejs-nodemon-2.0.3-1.module+el8.6.0+982+9fdca2d4.noarch.rpmLinux
nodejs:14 security and bug fix update (RLSA-2021:3666) nodejs-packaging-23-3.module+el8.7.0+1071+4bdda2a8.noarch.rpmLinux
nodejs:14 security and bug fix update (RLSA-2021:3666) nodejs-nodemon-2.0.3-1.module+el8.6.0+982+9fdca2d4.noarch.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234