itsKedar / TodoList_mern

CX: CVE-2021-33502 in Npm-normalize-url and 4.5.0 @ TodoList_mern.main #11

Open itsKedar opened 2 years ago

itsKedar commented 2 years ago

Description

The normalize-url package for Node.js, versions >=4.4.0 before 4.5.1, >=5.0.0 before 5.3.1 and 6.0.0, has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.

HIGH Vulnerable Package issue exists @ normalize-url in branch main

Vulnerability ID: CVE-2021-33502

Package Name: normalize-url

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2021-05-24T16:15:00

Current Package Version: 4.5.0

Remediation Upgrade Recommendation: 4.5.1

Link To SCA

Reference – NVD link

itsKedar commented 2 years ago

Issue still exists.

itsKedar commented 2 years ago

Issue still exists.

itsKedar commented 2 years ago

Issue still exists.