Vulnerabilities > CVE-2021-23343 - Unspecified vulnerability in Path-Parse Project Path-Parse

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

path-parse-project

NVD

Published: 2021-05-04

Updated: 2023-11-07

Summary

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.

Vulnerable Configurations

Part	Description	Count
Application	Path-Parse_Project Path Parse Project Path Parse - Path Parse Project Path Parse 1.0.0 Path Parse Project Path Parse 1.0.1 Path Parse Project Path Parse 1.0.2 Path Parse Project Path Parse 1.0.3 Path Parse Project Path Parse 1.0.4 Path Parse Project Path Parse 1.0.5 Path Parse Project Path Parse 1.0.6	8

References

https://github.com/jbgutierrez/path-parse/issues/8
https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279028
https://lists.apache.org/thread.html/r6a32cb3eda3b19096ad48ef1e7aa8f26e005f2f63765abb69ce08b85%40%3Cdev.myfaces.apache.org%3E