High severityNVD Advisory· Published Jun 8, 2021· Updated Sep 16, 2024
Regular Expression Denial of Service (ReDoS)
CVE-2021-23392
Description
The package locutus before 2.0.15 are vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
locutusnpm | < 2.0.15 | 2.0.15 |
Affected products
2- locutus/locutusdescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-39q4-p535-c852ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-23392ghsaADVISORY
- github.com/locutusjs/locutus/commit/eb863321990e7e5514aa14f68b8d9978ece9e65eghsax_refsource_MISCWEB
- github.com/locutusjs/locutus/pull/446ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JS-LOCUTUS-1090597ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.