CVE-2021-23364 Information
Jun 07, 2022
Description
The package browserslist from 4.0.0 and before 4.16.5 is vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Reference
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1277182
https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98
https://github.com/browserslist/browserslist/pull/593
https://github.com/browserslist/browserslist/blob/e82f32d1d4100d6bc79ea0b6b6a2d281a561e33c/index.js%23L472-L474
https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
Base Score
5.3
Base Severity
MEDIUM