5.3

CVE-2021-23346

Exploit

Regular Expression Denial of Service (ReDoS)

This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Html-parse-stringify ProjectHtml-parse-stringify SwPlatformnode.js Version < 2.0.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.22% 0.803
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
report@snyk.io 4.8 2.2 2.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://github.com/HenrikJoreteg/html-parse-stringify/blob/master/lib/parse.js%23L2
Third Party Advisory
Broken Link
https://github.com/HenrikJoreteg/html-parse-stringify/commit/c7274a48e59c92b2b7e906fedf9065159e73fe12
Patch
Third Party Advisory
https://github.com/rayd/html-parse-stringify2/blob/master/lib/parse.js%23L2
Third Party Advisory
Broken Link
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1080633
Patch
Third Party Advisory
Exploit
https://snyk.io/vuln/SNYK-JS-HTMLPARSESTRINGIFY-1079306
Patch
Third Party Advisory
Exploit
https://snyk.io/vuln/SNYK-JS-HTMLPARSESTRINGIFY2-1079307
Patch
Third Party Advisory
Exploit