High severityNVD Advisory· Published Jan 2, 2023· Updated Aug 3, 2024
cronvel string-kit naturalSort.js naturalSort redos
CVE-2021-4299
Description
A vulnerability classified as problematic was found in cronvel string-kit up to 0.12.7. This vulnerability affects the function naturalSort of the file lib/naturalSort.js. The manipulation leads to inefficient regular expression complexity. The attack can be initiated remotely. Upgrading to version 0.12.8 is able to address this issue. The name of the patch is 9cac4c298ee92c1695b0695951f1488884a7ca73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217180.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
string-kitnpm | < 0.12.8 | 0.12.8 |
Affected products
2- Range: 0.12.0
Patches
Vulnerability mechanics
References
6- github.com/cronvel/string-kit/commit/9cac4c298ee92c1695b0695951f1488884a7ca73ghsapatchWEB
- github.com/cronvel/string-kit/releases/tag/v0.12.8ghsapatchWEB
- github.com/advisories/GHSA-pfrm-4rjw-g9q5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-4299ghsaADVISORY
- vuldb.comghsasignaturepermissions-requiredWEB
- vuldb.comghsavdb-entrytechnical-descriptionWEB
News mentions
0No linked articles in our index yet.