npm package

normalize-url

pkg:npm/normalize-url

Vulnerabilities (1)

CVE	Sev	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2021-33502		—		>= 4.3.0, < 4.5.1	4.5.1	May 24, 2021	The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.

CVE-2021-33502May 24, 2021
affected >= 4.3.0, < 4.5.1fixed 4.5.1
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.