CVE-2021-3749 — HIGH (7.5) — White Hats Nepal

Q: What is CVE-2021-3749?

CVE-2021-3749 is a vulnerability with a CVSS score of 7.5 (HIGH). axios is vulnerable to Inefficient Regular Expression Complexity

Q: How severe is CVE-2021-3749?

CVE-2021-3749 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-3749?

Check the references section above for vendor advisories and patch information. Affected products include: Axios Axios, Siemens Sinec Ins, Oracle Goldengate.

Vulnerability Description

axios is vulnerable to Inefficient Regular Expression Complexity

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Axios	Axios	<= 0.21.1
Siemens	Sinec Ins	< 1.0
Oracle	Goldengate	>= 21.1, < 21.7.0.0.0

Related Weaknesses (CWE)

CWE-400 CWE-1333

References

https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdfThird Party Advisory
https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929PatchThird Party Advisory
https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31ExploitPatchThird Party Advisory
https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b
https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d8
https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28a
https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2
https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c4
https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f
https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b
https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1
https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0
https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8f
https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdfThird Party Advisory

FAQ

What is CVE-2021-3749?

CVE-2021-3749 is a vulnerability with a CVSS score of 7.5 (HIGH). axios is vulnerable to Inefficient Regular Expression Complexity

How severe is CVE-2021-3749?

CVE-2021-3749 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3749?

Check the references section above for vendor advisories and patch information. Affected products include: Axios Axios, Siemens Sinec Ins, Oracle Goldengate.