CVE-2021-23343

All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
path-parse_projectpath-parse
𝑥
< 1.0.7
𝑥
= Vulnerable software versions
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
nodejs-common
suse enterprise sap 15
2.0-3.4.1
fixed
suse enterprise sap 15 SP1
2.0-3.4.1
fixed
suse enterprise server 15
2.0-3.4.1
fixed
suse enterprise server 15 SP1
2.0-3.4.1
fixed
suse enterprise server 15 SP2
2.0-3.4.1
fixed
nodejs10
suse enterprise sap 15
10.24.1-150000.1.44.1
fixed
suse enterprise sap 15 SP1
10.24.1-150000.1.44.1
fixed
suse enterprise server 15
10.24.1-150000.1.44.1
fixed
suse enterprise server 15 SP1
10.24.1-150000.1.44.1
fixed
suse enterprise server 15 SP2
10.24.1-150000.1.44.1
fixed
nodejs10-devel
suse enterprise sap 15
10.24.1-150000.1.44.1
fixed
suse enterprise sap 15 SP1
10.24.1-150000.1.44.1
fixed
suse enterprise server 15
10.24.1-150000.1.44.1
fixed
suse enterprise server 15 SP1
10.24.1-150000.1.44.1
fixed
suse enterprise server 15 SP2
10.24.1-150000.1.44.1
fixed
nodejs10-docs
suse enterprise sap 15
10.24.1-150000.1.44.1
fixed
suse enterprise sap 15 SP1
10.24.1-150000.1.44.1
fixed
suse enterprise server 15
10.24.1-150000.1.44.1
fixed
suse enterprise server 15 SP1
10.24.1-150000.1.44.1
fixed
suse enterprise server 15 SP2
10.24.1-150000.1.44.1
fixed
nodejs12
suse enterprise sap 15 SP3
12.22.10-4.29.3
fixed
suse enterprise server 15 SP2
12.22.10-4.29.3
fixed
suse enterprise server 15 SP3
12.22.10-4.29.3
fixed
nodejs12-devel
suse enterprise sap 15 SP3
12.22.10-4.29.3
fixed
suse enterprise server 15 SP2
12.22.10-4.29.3
fixed
suse enterprise server 15 SP3
12.22.10-4.29.3
fixed
nodejs12-docs
suse enterprise sap 15 SP3
12.22.10-4.29.3
fixed
suse enterprise server 15 SP2
12.22.10-4.29.3
fixed
suse enterprise server 15 SP3
12.22.10-4.29.3
fixed
nodejs14
suse enterprise sap 15 SP3
14.19.0-15.27.1
fixed
suse enterprise server 15 SP2
14.19.0-15.27.1
fixed
suse enterprise server 15 SP3
14.19.0-15.27.1
fixed
nodejs14-devel
suse enterprise sap 15 SP3
14.19.0-15.27.1
fixed
suse enterprise server 15 SP2
14.19.0-15.27.1
fixed
suse enterprise server 15 SP3
14.19.0-15.27.1
fixed
nodejs14-docs
suse enterprise sap 15 SP3
14.19.0-15.27.1
fixed
suse enterprise server 15 SP2
14.19.0-15.27.1
fixed
suse enterprise server 15 SP3
14.19.0-15.27.1
fixed
nodejs8
suse enterprise sap 15
8.17.0-3.54.2
fixed
suse enterprise sap 15 SP1
8.17.0-3.54.2
fixed
suse enterprise server 15
8.17.0-3.54.2
fixed
suse enterprise server 15 SP1
8.17.0-3.54.2
fixed
suse enterprise server 15 SP2
8.17.0-10.19.2
fixed
nodejs8-devel
suse enterprise sap 15
8.17.0-3.54.2
fixed
suse enterprise sap 15 SP1
8.17.0-3.54.2
fixed
suse enterprise server 15
8.17.0-3.54.2
fixed
suse enterprise server 15 SP1
8.17.0-3.54.2
fixed
suse enterprise server 15 SP2
8.17.0-10.19.2
fixed
nodejs8-docs
suse enterprise sap 15
8.17.0-3.54.2
fixed
suse enterprise sap 15 SP1
8.17.0-3.54.2
fixed
suse enterprise server 15
8.17.0-3.54.2
fixed
suse enterprise server 15 SP1
8.17.0-3.54.2
fixed
suse enterprise server 15 SP2
8.17.0-10.19.2
fixed
npm10
suse enterprise sap 15
10.24.1-150000.1.44.1
fixed
suse enterprise sap 15 SP1
10.24.1-150000.1.44.1
fixed
suse enterprise server 15
10.24.1-150000.1.44.1
fixed
suse enterprise server 15 SP1
10.24.1-150000.1.44.1
fixed
suse enterprise server 15 SP2
10.24.1-150000.1.44.1
fixed
npm12
suse enterprise sap 15 SP3
12.22.10-4.29.3
fixed
suse enterprise server 15 SP2
12.22.10-4.29.3
fixed
suse enterprise server 15 SP3
12.22.10-4.29.3
fixed
npm14
suse enterprise sap 15 SP3
14.19.0-15.27.1
fixed
suse enterprise server 15 SP2
14.19.0-15.27.1
fixed
suse enterprise server 15 SP3
14.19.0-15.27.1
fixed
npm8
suse enterprise sap 15
8.17.0-3.54.2
fixed
suse enterprise sap 15 SP1
8.17.0-3.54.2
fixed
suse enterprise server 15
8.17.0-3.54.2
fixed
suse enterprise server 15 SP1
8.17.0-3.54.2
fixed
suse enterprise server 15 SP2
8.17.0-10.19.2
fixed
References
https://github.com/jbgutierrez/path-parse/issues/8
https://lists.apache.org/thread.html/r6a32cb3eda3b19096ad48ef1e7aa8f26e005f2f63765abb69ce08b85%40%3Cdev.myfaces.apache.org%3E
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279028
https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067
https://github.com/jbgutierrez/path-parse/issues/8
https://lists.apache.org/thread.html/r6a32cb3eda3b19096ad48ef1e7aa8f26e005f2f63765abb69ce08b85%40%3Cdev.myfaces.apache.org%3E
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279028
https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067