CVE-2021-23362

The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
npmjshosted-git-info
2.0.0 ≤
𝑥
< 2.8.9
npmjshosted-git-info
3.0.0 ≤
𝑥
< 3.0.8
siemenssinec_infrastructure_network_services
𝑥
< 1.0.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
node-hosted-git-info
bookworm
6.1.1-2
fixed
bullseye
3.0.8-1
fixed
sid
6.1.1-2
fixed
stretch
not-affected
trixie
6.1.1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
node-hosted-git-info
bionic
Fixed 2.5.0-1ubuntu0.1~esm1
released
focal
Fixed 2.8.5-1ubuntu0.1~esm1
released
groovy
ignored
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
trusty
dne
xenial
dne
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
nodejs-common
suse enterprise sap 15
2.0-3.2.1
fixed
suse enterprise sap 15 SP1
2.0-3.2.1
fixed
suse enterprise sap 15 SP2
2.0-3.2.1
fixed
suse enterprise server 15
2.0-3.2.1
fixed
suse enterprise server 15 SP1
2.0-3.2.1
fixed
suse enterprise server 15 SP2
2.0-3.2.1
fixed
nodejs10
suse enterprise sap 15
10.24.1-1.36.1
fixed
suse enterprise sap 15 SP1
10.24.1-1.36.1
fixed
suse enterprise sap 15 SP2
10.24.1-1.36.1
fixed
suse enterprise server 15
10.24.1-1.36.1
fixed
suse enterprise server 15 SP1
10.24.1-1.36.1
fixed
suse enterprise server 15 SP2
10.24.1-1.36.1
fixed
nodejs10-devel
suse enterprise sap 15
10.24.1-1.36.1
fixed
suse enterprise sap 15 SP1
10.24.1-1.36.1
fixed
suse enterprise sap 15 SP2
10.24.1-1.36.1
fixed
suse enterprise server 15
10.24.1-1.36.1
fixed
suse enterprise server 15 SP1
10.24.1-1.36.1
fixed
suse enterprise server 15 SP2
10.24.1-1.36.1
fixed
nodejs10-docs
suse enterprise sap 15
10.24.1-1.36.1
fixed
suse enterprise sap 15 SP1
10.24.1-1.36.1
fixed
suse enterprise sap 15 SP2
10.24.1-1.36.1
fixed
suse enterprise server 15
10.24.1-1.36.1
fixed
suse enterprise server 15 SP1
10.24.1-1.36.1
fixed
suse enterprise server 15 SP2
10.24.1-1.36.1
fixed
nodejs12
suse enterprise sap 15 SP2
12.22.2-4.16.1
fixed
suse enterprise sap 15 SP3
12.22.2-4.16.1
fixed
suse enterprise server 15 SP2
12.22.2-4.16.1
fixed
suse enterprise server 15 SP3
12.22.2-4.16.1
fixed
nodejs12-devel
suse enterprise sap 15 SP2
12.22.2-4.16.1
fixed
suse enterprise sap 15 SP3
12.22.2-4.16.1
fixed
suse enterprise server 15 SP2
12.22.2-4.16.1
fixed
suse enterprise server 15 SP3
12.22.2-4.16.1
fixed
nodejs12-docs
suse enterprise sap 15 SP2
12.22.2-4.16.1
fixed
suse enterprise sap 15 SP3
12.22.2-4.16.1
fixed
suse enterprise server 15 SP2
12.22.2-4.16.1
fixed
suse enterprise server 15 SP3
12.22.2-4.16.1
fixed
nodejs14
suse enterprise sap 15 SP2
14.17.2-5.12.1
fixed
suse enterprise sap 15 SP3
14.17.2-5.12.1
fixed
suse enterprise server 15 SP2
14.17.2-5.12.1
fixed
suse enterprise server 15 SP3
14.17.2-5.12.1
fixed
nodejs14-devel
suse enterprise sap 15 SP2
14.17.2-5.12.1
fixed
suse enterprise sap 15 SP3
14.17.2-5.12.1
fixed
suse enterprise server 15 SP2
14.17.2-5.12.1
fixed
suse enterprise server 15 SP3
14.17.2-5.12.1
fixed
nodejs14-docs
suse enterprise sap 15 SP2
14.17.2-5.12.1
fixed
suse enterprise sap 15 SP3
14.17.2-5.12.1
fixed
suse enterprise server 15 SP2
14.17.2-5.12.1
fixed
suse enterprise server 15 SP3
14.17.2-5.12.1
fixed
nodejs8
suse enterprise sap 15
8.17.0-3.47.2
fixed
suse enterprise sap 15 SP1
8.17.0-3.47.2
fixed
suse enterprise sap 15 SP2
8.17.0-10.12.2
fixed
suse enterprise server 15
8.17.0-3.47.2
fixed
suse enterprise server 15 SP1
8.17.0-3.47.2
fixed
suse enterprise server 15 SP2
8.17.0-10.12.2
fixed
nodejs8-devel
suse enterprise sap 15
8.17.0-3.47.2
fixed
suse enterprise sap 15 SP1
8.17.0-3.47.2
fixed
suse enterprise sap 15 SP2
8.17.0-10.12.2
fixed
suse enterprise server 15
8.17.0-3.47.2
fixed
suse enterprise server 15 SP1
8.17.0-3.47.2
fixed
suse enterprise server 15 SP2
8.17.0-10.12.2
fixed
nodejs8-docs
suse enterprise sap 15
8.17.0-3.47.2
fixed
suse enterprise sap 15 SP1
8.17.0-3.47.2
fixed
suse enterprise sap 15 SP2
8.17.0-10.12.2
fixed
suse enterprise server 15
8.17.0-3.47.2
fixed
suse enterprise server 15 SP1
8.17.0-3.47.2
fixed
suse enterprise server 15 SP2
8.17.0-10.12.2
fixed
npm10
suse enterprise sap 15
10.24.1-1.36.1
fixed
suse enterprise sap 15 SP1
10.24.1-1.36.1
fixed
suse enterprise sap 15 SP2
10.24.1-1.36.1
fixed
suse enterprise server 15
10.24.1-1.36.1
fixed
suse enterprise server 15 SP1
10.24.1-1.36.1
fixed
suse enterprise server 15 SP2
10.24.1-1.36.1
fixed
npm12
suse enterprise sap 15 SP2
12.22.2-4.16.1
fixed
suse enterprise sap 15 SP3
12.22.2-4.16.1
fixed
suse enterprise server 15 SP2
12.22.2-4.16.1
fixed
suse enterprise server 15 SP3
12.22.2-4.16.1
fixed
npm14
suse enterprise sap 15 SP2
14.17.2-5.12.1
fixed
suse enterprise sap 15 SP3
14.17.2-5.12.1
fixed
suse enterprise server 15 SP2
14.17.2-5.12.1
fixed
suse enterprise server 15 SP3
14.17.2-5.12.1
fixed
npm8
suse enterprise sap 15
8.17.0-3.47.2
fixed
suse enterprise sap 15 SP1
8.17.0-3.47.2
fixed
suse enterprise sap 15 SP2
8.17.0-10.12.2
fixed
suse enterprise server 15
8.17.0-3.47.2
fixed
suse enterprise server 15 SP1
8.17.0-3.47.2
fixed
suse enterprise server 15 SP2
8.17.0-10.12.2
fixed
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7
https://github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01
https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3
https://github.com/npm/hosted-git-info/commits/v2
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088356
https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7
https://github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01
https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3
https://github.com/npm/hosted-git-info/commits/v2
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088356
https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355