Home

CVE-2021-33502

Description

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.322

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.15Windows
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 10.11Windows
Multiple Vulnerabilities are affected in IBM WebMethods Integration Server 11.1Windows
(RHSA-2021:5171) nodejs:16 security, bug fix, and enhancement update nodejs-16.13.1-3.module+el8.5.0+13548+45d748af.x86_64.rpmLinux
(RHSA-2021:5171) nodejs:16 security, bug fix, and enhancement update nodejs-debugsource-16.13.1-3.module+el8.5.0+13548+45d748af.x86_64.rpmLinux
(RHSA-2021:5171) nodejs:16 security, bug fix, and enhancement update nodejs-devel-16.13.1-3.module+el8.5.0+13548+45d748af.x86_64.rpmLinux
(RHSA-2021:5171) nodejs:16 security, bug fix, and enhancement update nodejs-docs-16.13.1-3.module+el8.5.0+13548+45d748af.noarch.rpmLinux
(RHSA-2021:5171) nodejs:16 security, bug fix, and enhancement update nodejs-full-i18n-16.13.1-3.module+el8.5.0+13548+45d748af.x86_64.rpmLinux
(RHSA-2021:5171) nodejs:16 security, bug fix, and enhancement update nodejs-nodemon-2.0.15-1.module+el8.5.0+13548+45d748af.noarch.rpmLinux
(RHSA-2021:5171) nodejs:16 security, bug fix, and enhancement update nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpmLinux
(RHSA-2021:5171) nodejs:16 security, bug fix, and enhancement update npm-8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64.rpmLinux
Nodejs update (ELSA-2021-5171) nodejs-16.13.1-3.0.1.module+el8.5.0+20457+52828f44.x86_64.rpmLinux
Nodejs-devel update (ELSA-2021-5171) nodejs-devel-16.13.1-3.0.1.module+el8.5.0+20457+52828f44.x86_64.rpmLinux
Nodejs-docs update (ELSA-2021-5171) nodejs-docs-16.13.1-3.0.1.module+el8.5.0+20457+52828f44.noarch.rpmLinux
Nodejs-full-i18n update (ELSA-2021-5171) nodejs-full-i18n-16.13.1-3.0.1.module+el8.5.0+20457+52828f44.x86_64.rpmLinux
Nodejs-nodemon update (ELSA-2021-5171) nodejs-nodemon-2.0.15-1.module+el8.5.0+20457+52828f44.noarch.rpmLinux
Nodejs-packaging update (ELSA-2021-5171) nodejs-packaging-25-1.module+el8.5.0+20388+4b61e68d.noarch.rpmLinux
Npm update (ELSA-2021-5171) npm-8.1.2-1.16.13.1.3.0.1.module+el8.5.0+20457+52828f44.x86_64.rpmLinux
Nodejs update (ELSA-2022-0350) nodejs-14.18.2-2.module+el8.5.0+20489+261d51d3.x86_64.rpmLinux
Nodejs-devel update (ELSA-2022-0350) nodejs-devel-14.18.2-2.module+el8.5.0+20489+261d51d3.x86_64.rpmLinux
Nodejs-docs update (ELSA-2022-0350) nodejs-docs-14.18.2-2.module+el8.5.0+20489+261d51d3.noarch.rpmLinux
Nodejs-full-i18n update (ELSA-2022-0350) nodejs-full-i18n-14.18.2-2.module+el8.5.0+20489+261d51d3.x86_64.rpmLinux
Nodejs-nodemon update (ELSA-2022-0350) nodejs-nodemon-2.0.15-1.module+el8.5.0+20489+261d51d3.noarch.rpmLinux
Nodejs-packaging update (ELSA-2022-0350) nodejs-packaging-23-3.module+el8.3.0+7818+6cd30d85.noarch.rpmLinux
Npm update (ELSA-2022-0350) npm-6.14.15-1.14.18.2.2.module+el8.5.0+20489+261d51d3.x86_64.rpmLinux
(RHSA-2022:0350) nodejs:14 security, bug fix, and enhancement update nodejs-14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64.rpmLinux
(RHSA-2022:0350) nodejs:14 security, bug fix, and enhancement update nodejs-debugsource-14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64.rpmLinux
(RHSA-2022:0350) nodejs:14 security, bug fix, and enhancement update nodejs-devel-14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64.rpmLinux
(RHSA-2022:0350) nodejs:14 security, bug fix, and enhancement update nodejs-docs-14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch.rpmLinux
(RHSA-2022:0350) nodejs:14 security, bug fix, and enhancement update nodejs-full-i18n-14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64.rpmLinux
(RHSA-2022:0350) nodejs:14 security, bug fix, and enhancement update nodejs-nodemon-2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch.rpmLinux
(RHSA-2022:0350) nodejs:14 security, bug fix, and enhancement update npm-6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64.rpmLinux
Nodejs update (ELSA-2022-6595) nodejs-16.16.0-1.el9_0.x86_64.rpmLinux
Nodejs-docs update (ELSA-2022-6595) nodejs-docs-16.16.0-1.el9_0.noarch.rpmLinux
Nodejs-full-i18n update (ELSA-2022-6595) nodejs-full-i18n-16.16.0-1.el9_0.x86_64.rpmLinux
Nodejs-libs update (ELSA-2022-6595) nodejs-libs-16.16.0-1.el9_0.i686.rpmLinux
Nodejs-libs update (ELSA-2022-6595) nodejs-libs-16.16.0-1.el9_0.x86_64.rpmLinux
Nodejs-nodemon update (ELSA-2022-6595) nodejs-nodemon-2.0.19-1.el9_0.noarch.rpmLinux
Npm update (ELSA-2022-6595) npm-8.11.0-1.16.16.0.1.el9_0.x86_64.rpmLinux
(RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-16.16.0-1.el9_0.x86_64.rpmLinux
(RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-debugsource-16.16.0-1.el9_0.i686.rpmLinux
(RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-debugsource-16.16.0-1.el9_0.x86_64.rpmLinux
(RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-docs-16.16.0-1.el9_0.noarch.rpmLinux
(RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-full-i18n-16.16.0-1.el9_0.x86_64.rpmLinux
(RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-libs-16.16.0-1.el9_0.i686.rpmLinux
(RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-libs-16.16.0-1.el9_0.x86_64.rpmLinux
(RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update nodejs-nodemon-2.0.19-1.el9_0.noarch.rpmLinux
(RHSA-2022:6595) nodejs and nodejs-nodemon security and bug fix update npm-8.11.0-1.16.16.0.1.el9_0.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234