Vulnerability CVE-2021-23364
Published: 2021-04-28

Description:
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.

Type:

NVD-CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Browserslist project -> Browserslist 

 References:
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1277182
https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98
https://github.com/browserslist/browserslist/pull/593
https://github.com/browserslist/browserslist/blob/e82f32d1d4100d6bc79ea0b6b6a2d281a561e33c/index.js%23L472-L474
https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194
Copyright 2024, cxsecurity.com

 

Back to Top