Moderate severityNVD Advisory· Published May 4, 2021· Updated Sep 16, 2024
Regular Expression Denial of Service (ReDoS)
CVE-2021-23343
Description
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
path-parsenpm | < 1.0.7 | 1.0.7 |
Affected products
94- path-parse/path-parsedescription
- ghsa-coords93 versionspkg:npm/path-parsepkg:rpm/almalinux/nodejspkg:rpm/almalinux/nodejs-develpkg:rpm/almalinux/nodejs-docspkg:rpm/almalinux/nodejs-full-i18npkg:rpm/almalinux/nodejs-nodemonpkg:rpm/almalinux/nodejs-packagingpkg:rpm/almalinux/npmpkg:rpm/opensuse/nodejs10&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/nodejs10&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/nodejs12&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/nodejs14&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/nodejs8&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/nodejs10&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/nodejs10&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/nodejs10&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/nodejs10&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/nodejs10&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/nodejs12&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP3pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/nodejs12&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/nodejs12&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/nodejs12&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/nodejs14&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP3pkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/nodejs14&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/nodejs14&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/nodejs14&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/nodejs8&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/nodejs8&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/nodejs8&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/nodejs8&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/nodejs8&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/nodejs-common&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/nodejs-common&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/nodejs-common&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/nodejs-common&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/nodejs-common&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/nodejs-common&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/nodejs-common&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/nodejs-common&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/nodejs-common&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/nodejs-common&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/nodejs-common&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/nodejs-common&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/nodejs-common&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/nodejs-common&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/nodejs-common&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/nodejs-common&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/nodejs-common&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/nodejs-common&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/nodejs-common&distro=SUSE%20Manager%20Server%204.1
< 1.0.7+ 92 more
- (no CPE)range: < 1.0.7
- (no CPE)range: < 1:12.22.5-1.module_el8.4.0+2529+af52a4c7
- (no CPE)range: < 1:12.22.5-1.module_el8.5.0+85+79a7b441
- (no CPE)range: < 1:12.22.5-1.module_el8.4.0+2529+af52a4c7
- (no CPE)range: < 1:12.22.5-1.module_el8.5.0+85+79a7b441
- (no CPE)range: < 2.0.3-1.module_el8.4.0+2521+c668cc9f
- (no CPE)range: < 17-3.module_el8.4.0+2224+b07ac28e
- (no CPE)range: < 1:6.14.14-1.12.22.5.1.module_el8.4.0+2529+af52a4c7
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 12.22.10-4.29.3
- (no CPE)range: < 14.19.0-15.27.1
- (no CPE)range: < 8.17.0-10.19.2
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-1.46.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 12.22.10-4.29.3
- (no CPE)range: < 12.22.10-4.29.3
- (no CPE)range: < 12.22.10-4.29.3
- (no CPE)range: < 12.22.10-1.42.2
- (no CPE)range: < 12.22.10-4.29.3
- (no CPE)range: < 12.22.10-4.29.3
- (no CPE)range: < 12.22.10-4.29.3
- (no CPE)range: < 12.22.10-4.29.3
- (no CPE)range: < 12.22.10-4.29.3
- (no CPE)range: < 12.22.10-4.29.3
- (no CPE)range: < 12.22.10-4.29.3
- (no CPE)range: < 14.19.0-15.27.1
- (no CPE)range: < 14.19.0-15.27.1
- (no CPE)range: < 14.19.0-15.27.1
- (no CPE)range: < 14.19.0-6.24.1
- (no CPE)range: < 14.19.0-15.27.1
- (no CPE)range: < 14.19.0-15.27.1
- (no CPE)range: < 14.19.0-15.27.1
- (no CPE)range: < 14.19.0-15.27.1
- (no CPE)range: < 14.19.0-15.27.1
- (no CPE)range: < 14.19.0-15.27.1
- (no CPE)range: < 14.19.0-15.27.1
- (no CPE)range: < 8.17.0-3.54.2
- (no CPE)range: < 8.17.0-10.19.2
- (no CPE)range: < 8.17.0-3.54.2
- (no CPE)range: < 8.17.0-3.54.2
- (no CPE)range: < 8.17.0-10.19.2
- (no CPE)range: < 8.17.0-10.19.2
- (no CPE)range: < 8.17.0-3.54.2
- (no CPE)range: < 8.17.0-3.54.2
- (no CPE)range: < 8.17.0-3.54.2
- (no CPE)range: < 8.17.0-3.54.2
- (no CPE)range: < 8.17.0-10.19.2
- (no CPE)range: < 8.17.0-10.19.2
- (no CPE)range: < 8.17.0-3.54.2
- (no CPE)range: < 8.17.0-3.54.2
- (no CPE)range: < 8.17.0-3.54.2
- (no CPE)range: < 8.17.0-10.19.2
- (no CPE)range: < 8.17.0-10.19.2
- (no CPE)range: < 8.17.0-10.19.2
- (no CPE)range: < 8.17.0-10.19.2
- (no CPE)range: < 2.0-3.4.1
- (no CPE)range: < 2.0-3.4.1
- (no CPE)range: < 2.0-3.4.1
- (no CPE)range: < 2.0-3.4.1
- (no CPE)range: < 2.0-3.4.1
- (no CPE)range: < 2.0-3.4.1
- (no CPE)range: < 2.0-3.4.1
- (no CPE)range: < 2.0-3.4.1
- (no CPE)range: < 2.0-3.4.1
- (no CPE)range: < 2.0-3.4.1
- (no CPE)range: < 2.0-3.4.1
- (no CPE)range: < 2.0-3.4.1
- (no CPE)range: < 2.0-3.4.1
- (no CPE)range: < 2.0-3.4.1
- (no CPE)range: < 2.0-3.4.1
- (no CPE)range: < 2.0-3.4.1
- (no CPE)range: < 2.0-3.4.1
- (no CPE)range: < 2.0-3.4.1
- (no CPE)range: < 2.0-3.4.1
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-hj48-42vr-x3v9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-23343ghsaADVISORY
- github.com/jbgutierrez/path-parse/commit/eca63a7b9a473bf6978a2f5b7b3343662d1506f7ghsaWEB
- github.com/jbgutierrez/path-parse/issues/8ghsax_refsource_MISCWEB
- github.com/jbgutierrez/path-parse/pull/10ghsaWEB
- lists.apache.org/thread.html/r6a32cb3eda3b19096ad48ef1e7aa8f26e005f2f63765abb69ce08b85%40%3Cdev.myfaces.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r6a32cb3eda3b19096ad48ef1e7aa8f26e005f2f63765abb69ce08b85@%3Cdev.myfaces.apache.org%3EghsaWEB
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279028ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JS-PATHPARSE-1077067ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.