mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
1.0 KiB
1.0 KiB
CVE-2021-23362
&color=brightgreen)
Description
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
POC
Reference
- https://github.com/npm/hosted-git-info/commits/v2
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088356
- https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355