CVE-2021-23362

Published: 23/03/2021 Updated: 08/08/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The package hosted-git-info before 3.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.

Vulnerable Product

npmjs hosted-git-info

siemens sinec infrastructure network services

Vendor Advisories

A security issue has been found in Node.js before versions 16.4.1, 14.17.2 and 12.22.2. There is a vulnerability in the hosted-git-info npm module which may be vulnerable to denial of service attacks ...

ICS Advisories

Siemens SINEC INS
Critical Infrastructure Sectors: Energy

Github Repositories

Audits an NPM package.json file to identify known vulnerabilities.

AuditJS IMPORTANT NOTE: Welcome to AuditJS 4.0.0, lots has changed since 3.0.0, mainly around usage. Make sure to read the new docs. If you have an issue migrating from AuditJS 3.x to AuditJS 4.x, please file a GitHub issue here. Audits JavaScript projects using the OSS Index v3 REST API to identify known vulnerabilities and outdated package versions. Supports any project with
