IssueHunt
Bug Bounty (New!)
Browse
Sign in with GitHub
scriptex/github-pages-vuepress

CVE-2021-23343 (Medium) detected in path-parse-1.0.6.tgz #90

whitesource-bolt-for-github[bot] posted onGitHub

CVE-2021-23343 - Medium Severity Vulnerability

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png&#39; width=19 height=20> Vulnerable Library - <b>path-parse-1.0.6.tgz</b></p></summary>

<p>Node.js path.parse() ponyfill</p> <p>Library home page: <a href="https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz">https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz</a></p> <p>Path to dependency file: github-pages-vuepress/package.json</p> <p>Path to vulnerable library: github-pages-vuepress/node_modules/path-parse/package.json</p> <p>

Dependency Hierarchy:

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.

<p>Publish Date: 2021-05-04 <p>URL: <a href=https://vuln.whitesourcesoftware.com/vulnerability/CVE-2021-23343>CVE-2021-23343</a></p> </p> </details> <p></p> <details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png&#39; width=19 height=20> CVSS 3 Score Details (<b>5.3</b>)</summary> <p>

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:

Step up your Open Source Security Game with WhiteSource here

Fund this Issue

$0.00
Funded

Pull requests

Company
AboutMission
Community
SpectrumEmbed
Support
FAQTerms of usePrivacy policyCode of conductCredits
Connect
FacebookTwitter

© 2019 BoostIO, Inc.