Vulnerabilities > CVE-2021-43309 - Unspecified vulnerability in Litejs Uri-Template-Lite

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

litejs

NVD

Published: 2022-08-24

Updated: 2023-11-07

Summary

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the "URI.expand" method

Vulnerable Configurations

Part	Description	Count
Application	Litejs Litejs URI Template Lite *	1

References

https://research.jfrog.com/vulnerabilities/uri-template-lite-redos-xray-211351/
https://github.com/litejs/uri-template-lite/compare/v22.1.0...v22.9.0