CVE-2021-23343

Regular Expression Denial of Service (ReDoS)

CVSS 5.3 MEDIUMEPSS 2.2%

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected products

n/a · path-parse

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/jbgutierrez/path-parse/issues/8 https://lists.apache.org/thread.html/r6a32cb3eda3b19096ad48ef1e7aa8f26e005f2f63765abb69ce08b85%40%3Cdev.myfaces.apache.org%3E https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279028 https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067