High severity · NVD Advisory · Published Aug 18, 2021 · Updated Sep 16, 2024
Regular Expression Denial of Service (ReDoS)
CVE-2021-23424
Description
This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ansi-html (npm) | < 0.0.8 | 0.0.8 |
Affected products
- ansi-html/ansi-html (description)
References
- github.com/advisories/GHSA-whgm-jr23-g3j9 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-23424 (ghsa, ADVISORY)
- github.com/Tjatse/ansi-html/commit/8142b25bca3133ea060bcc1889277dc482327a63 (ghsa, WEB)
- github.com/Tjatse/ansi-html/issues/19 (ghsa, x_refsource_MISC, WEB)
- github.com/ioet/time-tracker-ui/security/advisories/GHSA-4fjc-8q3h-8r69 (ghsa, WEB)
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1567198 (ghsa, x_refsource_MISC, WEB)
- snyk.io/vuln/SNYK-JS-ANSIHTML-1296849 (ghsa, x_refsource_MISC, WEB)