What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2021-23362.

What is the severity of CVE-2021-23362?

The severity of CVE-2021-23362 is high with a score of 7.5.

Which software versions are affected by CVE-2021-23362?

The affected software versions are hosted-git-info before 3.0.8 and 2.0.0 to 2.8.9.

How can an attacker exploit CVE-2021-23362?

An attacker can exploit CVE-2021-23362 by crafting a regular expression that takes an ever increasing amount of time to process, leading to a denial of service.

Where can I find more information about CVE-2021-23362?

You can find more information about CVE-2021-23362 at the following references: [link1](https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf), [link2](https://github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7), [link3](https://github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01).

Vulnerability/
CVE-2021-23362

high

7.5

CWE

1333 400

23/3/2021

8/8/2023

CVE-2021-23362

First published: Tue Mar 23 2021(Updated: )

Node.js hosted-git-info module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the fromUrl function in index.js. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition.

Credit: report@snyk.io report@snyk.io

Affected Software	Affected Version	How to fix
redhat/rh-nodejs12-nodejs	<0:12.22.2-1.el7	0:12.22.2-1.el7
redhat/rh-nodejs12-nodejs-nodemon	<0:2.0.3-2.el7	0:2.0.3-2.el7
redhat/rh-nodejs14-nodejs	<0:14.17.2-1.el7	0:14.17.2-1.el7
redhat/rh-nodejs14-nodejs-nodemon	<0:2.0.3-2.el7	0:2.0.3-2.el7
Npmjs Hosted-git-info	>=2.0.0<2.8.9
Npmjs Hosted-git-info	>=3.0.0<3.0.8
Siemens Sinec Infrastructure Network Services	<1.0.1.1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-23362.
What is the severity of CVE-2021-23362?
The severity of CVE-2021-23362 is high with a score of 7.5.
Which software versions are affected by CVE-2021-23362?
The affected software versions are hosted-git-info before 3.0.8 and 2.0.0 to 2.8.9.
How can an attacker exploit CVE-2021-23362?
An attacker can exploit CVE-2021-23362 by crafting a regular expression that takes an ever increasing amount of time to process, leading to a denial of service.
Where can I find more information about CVE-2021-23362?
You can find more information about CVE-2021-23362 at the following references: [link1](https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf), [link2](https://github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7), [link3](https://github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01).

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/ibm-support
collector/nvd-api
collector/nvd-index
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2021-23362
agent/software-canonical-lookup
collector/redhat-cve
vendor/npmjs
canonical/npmjs hosted-git-info
version/npmjs hosted-git-info/2.0.0
version/npmjs hosted-git-info/3.0.0
vendor/siemens
canonical/siemens sinec infrastructure network services
package-manager/redhat