Moderate severity · NVD Advisory · Published Aug 24, 2022 · Updated Aug 4, 2024
ReDoS in uri-template-lite URI.expand function
CVE-2021-43309
Description
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package when an attacker is able to supply arbitrary input to the "URI.expand" method.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| uri-template-lite (npm) | < 22.9.0 | 22.9.0 |
Affected products
- uri-template-lite/uri-template-lite v5 Range: 0
References
- github.com/advisories/GHSA-chw2-6c7r-37p7 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-43309 (ghsa, ADVISORY)
- github.com/litejs/uri-template-lite/commit/cbeec2b2a275d819fb534137a155df14729706f8 (ghsa, WEB)
- github.com/litejs/uri-template-lite/commits/v22.9.0 (ghsa, WEB)
- github.com/litejs/uri-template-lite/compare/v22.1.0...v22.9.0 (mitre, x_refsource_MISC)
- research.jfrog.com/vulnerabilities/uri-template-lite-redos-xray-211351 (ghsa, WEB)
- research.jfrog.com/vulnerabilities/uri-template-lite-redos-xray-211351/ (mitre, x_refsource_MISC)