CVE-2021-3807

ansi-regex is vulnerable to Inefficient Regular Expression Complexity
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
ansi-regex_projectansi-regex
4.0.0 ≤
𝑥
< 4.1.1
ansi-regex_projectansi-regex
3.0.0
ansi-regex_projectansi-regex
5.0.0
ansi-regex_projectansi-regex
6.0.0
oraclecommunications_cloud_native_core_policy
1.15.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
node-ansi-regex
bookworm
5.0.1-1
fixed
bullseye
5.0.1-1~deb11u1
fixed
sid
5.0.1-1
fixed
stretch
not-affected
trixie
5.0.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
node-ansi-regex
bionic
needs-triage
focal
needs-triage
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
dne
xenial
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
bind
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
bind-chrootenv
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
bind-devel
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
bind-doc
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
bind-utils
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
libbind9-1600
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
libdns1605
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
libirs-devel
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
libirs1601
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
libisc1606
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
libisccc1600
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
libisccfg1600
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
libns1604
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
nodejs-common
suse enterprise server 15
2.0-3.4.1
fixed
suse enterprise server 15 SP1
2.0-3.4.1
fixed
suse enterprise server 15 SP2
2.0-3.4.1
fixed
nodejs10
suse enterprise server 15
10.24.1-150000.1.44.1
fixed
suse enterprise server 15 SP1
10.24.1-150000.1.44.1
fixed
suse enterprise server 15 SP2
10.24.1-150000.1.44.1
fixed
nodejs10-devel
suse enterprise server 15
10.24.1-150000.1.44.1
fixed
suse enterprise server 15 SP1
10.24.1-150000.1.44.1
fixed
suse enterprise server 15 SP2
10.24.1-150000.1.44.1
fixed
nodejs10-docs
suse enterprise server 15
10.24.1-150000.1.44.1
fixed
suse enterprise server 15 SP1
10.24.1-150000.1.44.1
fixed
suse enterprise server 15 SP2
10.24.1-150000.1.44.1
fixed
nodejs12
suse enterprise sap 15 SP3
12.22.10-4.29.3
fixed
suse enterprise server 15 SP2
12.22.10-4.29.3
fixed
suse enterprise server 15 SP3
12.22.10-4.29.3
fixed
nodejs12-devel
suse enterprise sap 15 SP3
12.22.10-4.29.3
fixed
suse enterprise server 15 SP2
12.22.10-4.29.3
fixed
suse enterprise server 15 SP3
12.22.10-4.29.3
fixed
nodejs12-docs
suse enterprise sap 15 SP3
12.22.10-4.29.3
fixed
suse enterprise server 15 SP2
12.22.10-4.29.3
fixed
suse enterprise server 15 SP3
12.22.10-4.29.3
fixed
nodejs14
suse enterprise sap 15 SP3
14.19.0-15.27.1
fixed
suse enterprise server 15 SP2
14.19.0-15.27.1
fixed
suse enterprise server 15 SP3
14.19.0-15.27.1
fixed
nodejs14-devel
suse enterprise sap 15 SP3
14.19.0-15.27.1
fixed
suse enterprise server 15 SP2
14.19.0-15.27.1
fixed
suse enterprise server 15 SP3
14.19.0-15.27.1
fixed
nodejs14-docs
suse enterprise sap 15 SP3
14.19.0-15.27.1
fixed
suse enterprise server 15 SP2
14.19.0-15.27.1
fixed
suse enterprise server 15 SP3
14.19.0-15.27.1
fixed
nodejs8
suse enterprise server 15
8.17.0-3.54.2
fixed
suse enterprise server 15 SP1
8.17.0-3.54.2
fixed
suse enterprise server 15 SP2
8.17.0-10.19.2
fixed
nodejs8-devel
suse enterprise server 15
8.17.0-3.54.2
fixed
suse enterprise server 15 SP1
8.17.0-3.54.2
fixed
suse enterprise server 15 SP2
8.17.0-10.19.2
fixed
nodejs8-docs
suse enterprise server 15
8.17.0-3.54.2
fixed
suse enterprise server 15 SP1
8.17.0-3.54.2
fixed
suse enterprise server 15 SP2
8.17.0-10.19.2
fixed
npm10
suse enterprise server 15
10.24.1-150000.1.44.1
fixed
suse enterprise server 15 SP1
10.24.1-150000.1.44.1
fixed
suse enterprise server 15 SP2
10.24.1-150000.1.44.1
fixed
npm12
suse enterprise sap 15 SP3
12.22.10-4.29.3
fixed
suse enterprise server 15 SP2
12.22.10-4.29.3
fixed
suse enterprise server 15 SP3
12.22.10-4.29.3
fixed
npm14
suse enterprise sap 15 SP3
14.19.0-15.27.1
fixed
suse enterprise server 15 SP2
14.19.0-15.27.1
fixed
suse enterprise server 15 SP3
14.19.0-15.27.1
fixed
npm8
suse enterprise server 15
8.17.0-3.54.2
fixed
suse enterprise server 15 SP1
8.17.0-3.54.2
fixed
suse enterprise server 15 SP2
8.17.0-10.19.2
fixed
python3-bind
suse enterprise server 15 SP1
9.16.6-150000.12.65.1
fixed
suse enterprise server 15 SP2
9.16.6-150000.12.65.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
nodejs
RHEL 9
1:16.16.0-1.el9_0
fixed
nodejs-docs
RHEL 9
1:16.16.0-1.el9_0
fixed
nodejs-full-i18n
RHEL 9
1:16.16.0-1.el9_0
fixed
nodejs-libs
RHEL 9
1:16.16.0-1.el9_0
fixed
nodejs-nodemon
RHEL 9
0:2.0.19-1.el9_0
fixed
npm
RHEL 9
1:8.11.0-1.16.16.0.1.el9_0
fixed
Common Weakness Enumeration
References
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://security.netapp.com/advisory/ntap-20221014-0002/
https://www.oracle.com/security-alerts/cpuapr2022.html
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://security.netapp.com/advisory/ntap-20221014-0002/
https://www.oracle.com/security-alerts/cpuapr2022.html