Main Vulnerability Database Vulnerabilities #VU55315

#VU55315 Incorrect Regular Expression in path-parse - CVE-2021-23343

Published: July 26, 2021 / Updated: August 10, 2021

Vulnerability identifier: #VU55315

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-23343

CWE-ID: CWE-185

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
path-parse

Software vendor:
Javier Blanco Gutiérrez

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation in splitDeviceRe, splitTailRe, and splitPathRe regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability..

#VU55315 Incorrect Regular Expression in path-parse - CVE-2021-23343

Description

Remediation

External links

Please verify you're human