itsKedar / TodoList_mern

CX: CVE-2021-23343 in Npm-path-parse and 1.0.6 @ TodoList_mern.main #8

Open itsKedar opened 2 years ago

itsKedar commented 2 years ago

Description

path-parse prior to 1.0.7 is vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.

HIGH Vulnerable Package issue exists @ path-parse in branch main

Vulnerability ID: CVE-2021-23343

Package Name: path-parse

Severity: HIGH

CVSS Score: 7.5

Publish Date: 2021-05-04T09:15:00

Current Package Version: 1.0.6

Remediation Upgrade Recommendation: 1.0.7

Reference – NVD link

itsKedar commented 2 years ago

Issue still exists.

itsKedar commented 2 years ago

Issue still exists.

itsKedar commented 2 years ago

Issue still exists.