CVE-2021-23362
Description
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
0.554
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-22918,CVE-2021-22921,CVE-2021-27290,CVE-2021-23362 are fixed in Node.js 12 (x64) (12.22.2) | Windows |
| Vulnerabilities CVE-2021-22918,CVE-2021-22921,CVE-2021-27290,CVE-2021-23362 are fixed in Node.js 12 (12.22.2) | Windows |
| Vulnerabilities CVE-2021-22918,CVE-2021-22921,CVE-2021-27290,CVE-2021-23362 are fixed in Node.js 14 (x64) (14.17.2) | Windows |
| Vulnerabilities CVE-2021-22918,CVE-2021-22921,CVE-2021-27290,CVE-2021-23362 are fixed in Node.js 14 (14.17.2) | Windows |
| Vulnerabilities CVE-2021-22918,CVE-2021-22921,CVE-2021-27290,CVE-2021-23362 are fixed in Node.js 16 (16.20.1) | Windows |
| Vulnerabilities CVE-2021-22918,CVE-2021-22921,CVE-2021-27290,CVE-2021-23362 are fixed in Node.js 16 (x64) (16.20.1) | Windows |
| Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.15 | Windows |
| Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.11 | Windows |
| Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 11.1 | Windows |
| (RHSA-2021:3073) nodejs:12 security, bug fix, and enhancement update nodejs-12.22.3-2.module+el8.4.0+11732+c668cc9f.x86_64.rpm | Linux |
| (RHSA-2021:3073) nodejs:12 security, bug fix, and enhancement update nodejs-debugsource-12.22.3-2.module+el8.4.0+11732+c668cc9f.x86_64.rpm | Linux |
| (RHSA-2021:3073) nodejs:12 security, bug fix, and enhancement update nodejs-devel-12.22.3-2.module+el8.4.0+11732+c668cc9f.x86_64.rpm | Linux |
| (RHSA-2021:3073) nodejs:12 security, bug fix, and enhancement update nodejs-docs-12.22.3-2.module+el8.4.0+11732+c668cc9f.noarch.rpm | Linux |
| (RHSA-2021:3073) nodejs:12 security, bug fix, and enhancement update nodejs-full-i18n-12.22.3-2.module+el8.4.0+11732+c668cc9f.x86_64.rpm | Linux |
| (RHSA-2021:3073) nodejs:12 security, bug fix, and enhancement update nodejs-nodemon-2.0.3-1.module+el8.4.0+11732+c668cc9f.noarch.rpm | Linux |
| (RHSA-2021:3073) nodejs:12 security, bug fix, and enhancement update npm-6.14.13-1.12.22.3.2.module+el8.4.0+11732+c668cc9f.x86_64.rpm | Linux |
| (RHSA-2021:3074) nodejs:14 security, bug fix, and enhancement update nodejs-14.17.3-2.module+el8.4.0+11738+3bd42762.x86_64.rpm | Linux |
| (RHSA-2021:3074) nodejs:14 security, bug fix, and enhancement update nodejs-debugsource-14.17.3-2.module+el8.4.0+11738+3bd42762.x86_64.rpm | Linux |
| (RHSA-2021:3074) nodejs:14 security, bug fix, and enhancement update nodejs-devel-14.17.3-2.module+el8.4.0+11738+3bd42762.x86_64.rpm | Linux |
| (RHSA-2021:3074) nodejs:14 security, bug fix, and enhancement update nodejs-docs-14.17.3-2.module+el8.4.0+11738+3bd42762.noarch.rpm | Linux |
| (RHSA-2021:3074) nodejs:14 security, bug fix, and enhancement update nodejs-full-i18n-14.17.3-2.module+el8.4.0+11738+3bd42762.x86_64.rpm | Linux |
| (RHSA-2021:3074) nodejs:14 security, bug fix, and enhancement update npm-6.14.13-1.14.17.3.2.module+el8.4.0+11738+3bd42762.x86_64.rpm | Linux |
| Nodejs update (ELSA-2021-3073) nodejs-12.22.3-2.module+el8.4.0+20281+eb64e322.x86_64.rpm | Linux |
| Nodejs-devel update (ELSA-2021-3073) nodejs-devel-12.22.3-2.module+el8.4.0+20281+eb64e322.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2021-3073) nodejs-docs-12.22.3-2.module+el8.4.0+20281+eb64e322.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2021-3073) nodejs-full-i18n-12.22.3-2.module+el8.4.0+20281+eb64e322.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2021-3073) nodejs-nodemon-2.0.3-1.module+el8.4.0+20281+eb64e322.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2021-3073) nodejs-packaging-17-3.module+el8.1.0+5393+aaf413e3.noarch.rpm | Linux |
| Npm update (ELSA-2021-3073) npm-6.14.13-1.12.22.3.2.module+el8.4.0+20281+eb64e322.x86_64.rpm | Linux |
| Nodejs update (ELSA-2021-3623) nodejs-12.22.5-1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| Nodejs-devel update (ELSA-2021-3623) nodejs-devel-12.22.5-1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2021-3623) nodejs-docs-12.22.5-1.module+el8.4.0+20308+065a70e3.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2021-3623) nodejs-full-i18n-12.22.5-1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2021-3623) nodejs-nodemon-2.0.3-1.module+el8.4.0+20281+eb64e322.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2021-3623) nodejs-packaging-17-3.module+el8.1.0+5393+aaf413e3.noarch.rpm | Linux |
| Npm update (ELSA-2021-3623) npm-6.14.14-1.12.22.5.1.module+el8.4.0+20308+065a70e3.x86_64.rpm | Linux |
| Nodejs update (ELSA-2021-3666) nodejs-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| Nodejs-devel update (ELSA-2021-3666) nodejs-devel-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2021-3666) nodejs-docs-14.17.5-1.module+el8.4.0+20313+f90c2973.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2021-3666) nodejs-full-i18n-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2021-3666) nodejs-nodemon-2.0.3-1.module+el8.3.0+7818+6cd30d85.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2021-3666) nodejs-packaging-23-3.module+el8.3.0+7818+6cd30d85.noarch.rpm | Linux |
| Npm update (ELSA-2021-3666) npm-6.14.14-1.14.17.5.1.module+el8.4.0+20313+f90c2973.x86_64.rpm | Linux |
| nodejs:12 security, bug fix, and enhancement update (RLSA-2021:3073) nodejs-nodemon-2.0.3-1.module+el8.4.0+638+5344c6f7.noarch.rpm | Linux |
| nodejs:12 security, bug fix, and enhancement update (RLSA-2021:3073) nodejs-packaging-17-3.module+el8.3.0+101+f84c7154.noarch.rpm | Linux |
| nodejs:12 security, bug fix, and enhancement update (RLSA-2021:3073) nodejs-nodemon-2.0.3-1.module+el8.6.0+982+9fdca2d4.noarch.rpm | Linux |
| nodejs:14 security, bug fix, and enhancement update (RLSA-2021:3074) nodejs-packaging-23-3.module+el8.7.0+1071+4bdda2a8.noarch.rpm | Linux |
| nodejs:14 security, bug fix, and enhancement update (RLSA-2021:3074) nodejs-nodemon-2.0.3-1.module+el8.6.0+982+9fdca2d4.noarch.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-324371 | Node.js 12 (x64) (12.22.12) |
| PATCH-324370 | Node.js 12 (12.22.12) |
| PATCH-329083 | Node.js 14 (x64) (14.21.3) |
| PATCH-329082 | Node.js 14 (14.21.3) |
| PATCH-331256 | Node.js 16 (16.20.1) |
| PATCH-331257 | Node.js 16 (x64) (16.20.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234