Vulnerability Description
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Path-Parse Project | Path-Parse | < 1.0.7 |
References
- https://github.com/jbgutierrez/path-parse/issues/8 (Exploit, Issue Tracking, Third Party Advisory)
- https://lists.apache.org/thread.html/r6a32cb3eda3b19096ad48ef1e7aa8f26e005f2f637
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279028 (Exploit, Third Party Advisory)
- https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067 (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-23343?
CVE-2021-23343 is a vulnerability with a CVSS score of 5.3 (MEDIUM). All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
How severe is CVE-2021-23343?
CVE-2021-23343 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-23343?
Check the references section above for vendor advisories and patch information. Affected products include: Path-Parse Project Path-Parse.