Common Weakness Enumeration

CWE-1333

Allowed

Inefficient Regular Expression Complexity

Abstraction: Base · Status: Draft

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

725 vulnerabilities reference this CWE, most recent first.

CVE-2021-3807 (GCVE-0-2021-3807)

Vulnerability from cvelistv5 – Published: 2021-09-17 00:00 – Updated: 2024-08-03 17:09
VLAI
Title
Inefficient Regular Expression Complexity in chalk/ansi-regex
Summary
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
Assigner
Impacted products
Vendor Product Version
chalk chalk/ansi-regex Affected: unspecified , < 6.0.1 (custom)
Affected: unspecified , < 5.0.1 (custom)
Unaffected: 5.0.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:08.762Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221014-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "chalk/ansi-regex",
          "vendor": "chalk",
          "versions": [
            {
              "lessThan": "6.0.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "5.0.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "5.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ansi-regex is vulnerable to Inefficient Regular Expression Complexity"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-14T00:00:00.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"
        },
        {
          "url": "https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221014-0002/"
        }
      ],
      "source": {
        "advisory": "5b3cf33b-ede0-4398-9974-800876dfd994",
        "discovery": "EXTERNAL"
      },
      "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2021-3807",
    "datePublished": "2021-09-17T00:00:00.000Z",
    "dateReserved": "2021-09-16T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:09:08.762Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3804 (GCVE-0-2021-3804)

Vulnerability from cvelistv5 – Published: 2021-09-17 06:15 – Updated: 2024-08-03 17:09
VLAI
Title
Inefficient Regular Expression Complexity in nervjs/taro
Summary
taro is vulnerable to Inefficient Regular Expression Complexity
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
Impacted products
Vendor Product Version
nervjs nervjs/taro Affected: unspecified , ≤ 3.3.8 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:09.530Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/0ebe85e6-cc85-42b8-957e-18d8df277414"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nervjs/taro/commit/acadb6c826ba57f2030a626f1de4f7b4608fcdb5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nervjs/taro",
          "vendor": "nervjs",
          "versions": [
            {
              "lessThanOrEqual": "3.3.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "taro is vulnerable to Inefficient Regular Expression Complexity"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-17T06:15:21.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/0ebe85e6-cc85-42b8-957e-18d8df277414"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nervjs/taro/commit/acadb6c826ba57f2030a626f1de4f7b4608fcdb5"
        }
      ],
      "source": {
        "advisory": "0ebe85e6-cc85-42b8-957e-18d8df277414",
        "discovery": "EXTERNAL"
      },
      "title": "Inefficient Regular Expression Complexity in nervjs/taro",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2021-3804",
          "STATE": "PUBLIC",
          "TITLE": "Inefficient Regular Expression Complexity in nervjs/taro"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "nervjs/taro",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "3.3.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "nervjs"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "taro is vulnerable to Inefficient Regular Expression Complexity"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1333 Inefficient Regular Expression Complexity"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/0ebe85e6-cc85-42b8-957e-18d8df277414",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/0ebe85e6-cc85-42b8-957e-18d8df277414"
            },
            {
              "name": "https://github.com/nervjs/taro/commit/acadb6c826ba57f2030a626f1de4f7b4608fcdb5",
              "refsource": "MISC",
              "url": "https://github.com/nervjs/taro/commit/acadb6c826ba57f2030a626f1de4f7b4608fcdb5"
            }
          ]
        },
        "source": {
          "advisory": "0ebe85e6-cc85-42b8-957e-18d8df277414",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2021-3804",
    "datePublished": "2021-09-17T06:15:21.000Z",
    "dateReserved": "2021-09-16T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:09:09.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3803 (GCVE-0-2021-3803)

Vulnerability from cvelistv5 – Published: 2021-09-17 00:00 – Updated: 2024-08-03 17:09
VLAI
Title
Inefficient Regular Expression Complexity in fb55/nth-check
Summary
nth-check is vulnerable to Inefficient Regular Expression Complexity
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
Assigner
Impacted products
Vendor Product Version
fb55 fb55/nth-check Affected: unspecified , < 2.0.1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:08.622Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726"
          },
          {
            "name": "[debian-lts-announce] 20230522 [SECURITY] [DLA 3428-1] node-nth-check security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00023.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "fb55/nth-check",
          "vendor": "fb55",
          "versions": [
            {
              "lessThan": "2.0.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "nth-check is vulnerable to Inefficient Regular Expression Complexity"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-22T00:00:00.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0"
        },
        {
          "url": "https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726"
        },
        {
          "name": "[debian-lts-announce] 20230522 [SECURITY] [DLA 3428-1] node-nth-check security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00023.html"
        }
      ],
      "source": {
        "advisory": "8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0",
        "discovery": "EXTERNAL"
      },
      "title": "Inefficient Regular Expression Complexity in fb55/nth-check"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2021-3803",
    "datePublished": "2021-09-17T00:00:00.000Z",
    "dateReserved": "2021-09-15T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:09:08.622Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3801 (GCVE-0-2021-3801)

Vulnerability from cvelistv5 – Published: 2021-09-15 12:40 – Updated: 2024-08-03 17:09
VLAI
Title
Inefficient Regular Expression Complexity in prismjs/prism
Summary
prism is vulnerable to Inefficient Regular Expression Complexity
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
Impacted products
Vendor Product Version
prismjs prismjs/prism Affected: unspecified , ≤ 1.24.1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:09.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/8c16ab31-6eb6-46d1-b9a4-387222fe1b8a"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "prismjs/prism",
          "vendor": "prismjs",
          "versions": [
            {
              "lessThanOrEqual": "1.24.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "prism is vulnerable to Inefficient Regular Expression Complexity"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-15T12:40:11.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/8c16ab31-6eb6-46d1-b9a4-387222fe1b8a"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9"
        }
      ],
      "source": {
        "advisory": "8c16ab31-6eb6-46d1-b9a4-387222fe1b8a",
        "discovery": "EXTERNAL"
      },
      "title": "Inefficient Regular Expression Complexity in prismjs/prism",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2021-3801",
          "STATE": "PUBLIC",
          "TITLE": "Inefficient Regular Expression Complexity in prismjs/prism"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "prismjs/prism",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.24.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "prismjs"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "prism is vulnerable to Inefficient Regular Expression Complexity"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1333 Inefficient Regular Expression Complexity"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/8c16ab31-6eb6-46d1-b9a4-387222fe1b8a",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/8c16ab31-6eb6-46d1-b9a4-387222fe1b8a"
            },
            {
              "name": "https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9",
              "refsource": "MISC",
              "url": "https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9"
            }
          ]
        },
        "source": {
          "advisory": "8c16ab31-6eb6-46d1-b9a4-387222fe1b8a",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2021-3801",
    "datePublished": "2021-09-15T12:40:11.000Z",
    "dateReserved": "2021-09-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:09:09.479Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3795 (GCVE-0-2021-3795)

Vulnerability from cvelistv5 – Published: 2021-09-15 16:23 – Updated: 2024-08-03 17:09
VLAI
Title
Inefficient Regular Expression Complexity in sindresorhus/semver-regex
Summary
semver-regex is vulnerable to Inefficient Regular Expression Complexity
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
Impacted products
Vendor Product Version
sindresorhus sindresorhus/semver-regex Affected: unspecified , < 4.0.1 (custom)
Affected: unspecified , < 3.1.3 (custom)
Unaffected: 3.1.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:08.695Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/006624e3-35ac-448f-aab9-7b5183f30e28"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/sindresorhus/semver-regex/commit/11c66245f4e1976dccc52977ed183696a21a3fd7"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "sindresorhus/semver-regex",
          "vendor": "sindresorhus",
          "versions": [
            {
              "lessThan": "4.0.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "3.1.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "3.1.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "semver-regex is vulnerable to Inefficient Regular Expression Complexity"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-15T16:23:49.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/006624e3-35ac-448f-aab9-7b5183f30e28"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sindresorhus/semver-regex/commit/11c66245f4e1976dccc52977ed183696a21a3fd7"
        }
      ],
      "source": {
        "advisory": "006624e3-35ac-448f-aab9-7b5183f30e28",
        "discovery": "EXTERNAL"
      },
      "title": "Inefficient Regular Expression Complexity in sindresorhus/semver-regex",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2021-3795",
          "STATE": "PUBLIC",
          "TITLE": "Inefficient Regular Expression Complexity in sindresorhus/semver-regex"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "sindresorhus/semver-regex",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.0.1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "3.1.3"
                          },
                          {
                            "version_affected": "!",
                            "version_value": "3.1.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "sindresorhus"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "semver-regex is vulnerable to Inefficient Regular Expression Complexity"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1333 Inefficient Regular Expression Complexity"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/006624e3-35ac-448f-aab9-7b5183f30e28",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/006624e3-35ac-448f-aab9-7b5183f30e28"
            },
            {
              "name": "https://github.com/sindresorhus/semver-regex/commit/11c66245f4e1976dccc52977ed183696a21a3fd7",
              "refsource": "MISC",
              "url": "https://github.com/sindresorhus/semver-regex/commit/11c66245f4e1976dccc52977ed183696a21a3fd7"
            }
          ]
        },
        "source": {
          "advisory": "006624e3-35ac-448f-aab9-7b5183f30e28",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2021-3795",
    "datePublished": "2021-09-15T16:23:49.000Z",
    "dateReserved": "2021-09-11T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:09:08.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3794 (GCVE-0-2021-3794)

Vulnerability from cvelistv5 – Published: 2021-09-15 12:25 – Updated: 2024-08-03 17:09
VLAI
Title
Inefficient Regular Expression Complexity in vuelidate/vuelidate
Summary
vuelidate is vulnerable to Inefficient Regular Expression Complexity
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
Impacted products
Vendor Product Version
vuelidate vuelidate/vuelidate Affected: unspecified , ≤ 2.0.0-alpha.25 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:08.635Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/d8201b98-fb91-4c12-a6f7-181b4a20d9b7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vuelidate/vuelidate/commit/1f0ca31c30e5032f00dbd14c4791b5ee7928f71d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vuelidate/vuelidate",
          "vendor": "vuelidate",
          "versions": [
            {
              "lessThanOrEqual": "2.0.0-alpha.25",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "vuelidate is vulnerable to Inefficient Regular Expression Complexity"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-15T12:25:09.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/d8201b98-fb91-4c12-a6f7-181b4a20d9b7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vuelidate/vuelidate/commit/1f0ca31c30e5032f00dbd14c4791b5ee7928f71d"
        }
      ],
      "source": {
        "advisory": "d8201b98-fb91-4c12-a6f7-181b4a20d9b7",
        "discovery": "EXTERNAL"
      },
      "title": "Inefficient Regular Expression Complexity in vuelidate/vuelidate",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2021-3794",
          "STATE": "PUBLIC",
          "TITLE": "Inefficient Regular Expression Complexity in vuelidate/vuelidate"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "vuelidate/vuelidate",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2.0.0-alpha.25"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "vuelidate"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "vuelidate is vulnerable to Inefficient Regular Expression Complexity"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1333 Inefficient Regular Expression Complexity"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/d8201b98-fb91-4c12-a6f7-181b4a20d9b7",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/d8201b98-fb91-4c12-a6f7-181b4a20d9b7"
            },
            {
              "name": "https://github.com/vuelidate/vuelidate/commit/1f0ca31c30e5032f00dbd14c4791b5ee7928f71d",
              "refsource": "MISC",
              "url": "https://github.com/vuelidate/vuelidate/commit/1f0ca31c30e5032f00dbd14c4791b5ee7928f71d"
            }
          ]
        },
        "source": {
          "advisory": "d8201b98-fb91-4c12-a6f7-181b4a20d9b7",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2021-3794",
    "datePublished": "2021-09-15T12:25:09.000Z",
    "dateReserved": "2021-09-11T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:09:08.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3777 (GCVE-0-2021-3777)

Vulnerability from cvelistv5 – Published: 2021-09-15 07:15 – Updated: 2024-08-03 17:09
VLAI
Title
Inefficient Regular Expression Complexity in daaku/nodejs-tmpl
Summary
nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
Impacted products
Vendor Product Version
daaku daaku/nodejs-tmpl Affected: unspecified , < 1.0.5 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:08.812Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/a07b547a-f457-41c9-9d89-ee48bee8a4df"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/daaku/nodejs-tmpl/commit/4c654e4d1542f329ed561fd95ccd80f30c6872d6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "daaku/nodejs-tmpl",
          "vendor": "daaku",
          "versions": [
            {
              "lessThan": "1.0.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-15T07:15:11.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/a07b547a-f457-41c9-9d89-ee48bee8a4df"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/daaku/nodejs-tmpl/commit/4c654e4d1542f329ed561fd95ccd80f30c6872d6"
        }
      ],
      "source": {
        "advisory": "a07b547a-f457-41c9-9d89-ee48bee8a4df",
        "discovery": "EXTERNAL"
      },
      "title": "Inefficient Regular Expression Complexity in daaku/nodejs-tmpl",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2021-3777",
          "STATE": "PUBLIC",
          "TITLE": "Inefficient Regular Expression Complexity in daaku/nodejs-tmpl"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "daaku/nodejs-tmpl",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "1.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "daaku"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1333 Inefficient Regular Expression Complexity"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/a07b547a-f457-41c9-9d89-ee48bee8a4df",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/a07b547a-f457-41c9-9d89-ee48bee8a4df"
            },
            {
              "name": "https://github.com/daaku/nodejs-tmpl/commit/4c654e4d1542f329ed561fd95ccd80f30c6872d6",
              "refsource": "MISC",
              "url": "https://github.com/daaku/nodejs-tmpl/commit/4c654e4d1542f329ed561fd95ccd80f30c6872d6"
            }
          ]
        },
        "source": {
          "advisory": "a07b547a-f457-41c9-9d89-ee48bee8a4df",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2021-3777",
    "datePublished": "2021-09-15T07:15:11.000Z",
    "dateReserved": "2021-09-07T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:09:08.812Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3765 (GCVE-0-2021-3765)

Vulnerability from cvelistv5 – Published: 2021-11-02 07:05 – Updated: 2024-08-03 17:09
VLAI
Title
Inefficient Regular Expression Complexity in validatorjs/validator.js
Summary
validator.js is vulnerable to Inefficient Regular Expression Complexity
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
Impacted products
Vendor Product Version
validatorjs validatorjs/validator.js Affected: unspecified , < 13.7.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:08.828Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "validatorjs/validator.js",
          "vendor": "validatorjs",
          "versions": [
            {
              "lessThan": "13.7.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "validator.js is vulnerable to Inefficient Regular Expression Complexity"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-02T07:05:10.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1"
        }
      ],
      "source": {
        "advisory": "c37e975c-21a3-4c5f-9b57-04d63b28cfc9",
        "discovery": "EXTERNAL"
      },
      "title": "Inefficient Regular Expression Complexity in validatorjs/validator.js",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2021-3765",
          "STATE": "PUBLIC",
          "TITLE": "Inefficient Regular Expression Complexity in validatorjs/validator.js"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "validatorjs/validator.js",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "13.7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "validatorjs"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "validator.js is vulnerable to Inefficient Regular Expression Complexity"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1333 Inefficient Regular Expression Complexity"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9"
            },
            {
              "name": "https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1",
              "refsource": "MISC",
              "url": "https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1"
            }
          ]
        },
        "source": {
          "advisory": "c37e975c-21a3-4c5f-9b57-04d63b28cfc9",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2021-3765",
    "datePublished": "2021-11-02T07:05:10.000Z",
    "dateReserved": "2021-09-03T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:09:08.828Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3749 (GCVE-0-2021-3749)

Vulnerability from cvelistv5 – Published: 2021-08-31 10:36 – Updated: 2024-08-03 17:09
VLAI
Title
Inefficient Regular Expression Complexity in axios/axios
Summary
axios is vulnerable to Inefficient Regular Expression Complexity
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
Assigner
Impacted products
Vendor Product Version
axios axios/axios Affected: unspecified , ≤ 0.21.1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:08.302Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929"
          },
          {
            "name": "[druid-commits] 20211008 [GitHub] [druid] andreacyc closed pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211008 [GitHub] [druid] andreacyc opened a new pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211008 [GitHub] [druid] jihoonson commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson closed pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211009 [GitHub] [druid] andreacyc opened a new pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211009 [druid] branch master updated: Fix CVE-2021-3749 reported in security vulnerabilities job (#11786)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson merged pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211009 [GitHub] [druid] andreacyc commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-dev] 20211009 [CRON] Passed: apache/druid#33528 (master - adb2237)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a%40%3Cdev.druid.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "axios/axios",
          "vendor": "axios",
          "versions": [
            {
              "lessThanOrEqual": "0.21.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "axios is vulnerable to Inefficient Regular Expression Complexity"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-13T11:06:31.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929"
        },
        {
          "name": "[druid-commits] 20211008 [GitHub] [druid] andreacyc closed pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211008 [GitHub] [druid] andreacyc opened a new pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211008 [GitHub] [druid] jihoonson commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson closed pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211009 [GitHub] [druid] andreacyc opened a new pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211009 [druid] branch master updated: Fix CVE-2021-3749 reported in security vulnerabilities job (#11786)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson merged pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211009 [GitHub] [druid] andreacyc commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-dev] 20211009 [CRON] Passed: apache/druid#33528 (master - adb2237)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a%40%3Cdev.druid.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
        }
      ],
      "source": {
        "advisory": "1e8f07fc-c384-4ff9-8498-0690de2e8c31",
        "discovery": "EXTERNAL"
      },
      "title": "Inefficient Regular Expression Complexity in axios/axios",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2021-3749",
          "STATE": "PUBLIC",
          "TITLE": "Inefficient Regular Expression Complexity in axios/axios"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "axios/axios",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "0.21.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "axios"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "axios is vulnerable to Inefficient Regular Expression Complexity"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1333 Inefficient Regular Expression Complexity"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31"
            },
            {
              "name": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929",
              "refsource": "MISC",
              "url": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929"
            },
            {
              "name": "[druid-commits] 20211008 [GitHub] [druid] andreacyc closed pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211008 [GitHub] [druid] andreacyc opened a new pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211008 [GitHub] [druid] jihoonson commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson closed pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211009 [GitHub] [druid] andreacyc opened a new pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211009 [druid] branch master updated: Fix CVE-2021-3749 reported in security vulnerabilities job (#11786)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson merged pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211009 [GitHub] [druid] andreacyc commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-dev] 20211009 [CRON] Passed: apache/druid#33528 (master - adb2237)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a@%3Cdev.druid.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
            }
          ]
        },
        "source": {
          "advisory": "1e8f07fc-c384-4ff9-8498-0690de2e8c31",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2021-3749",
    "datePublished": "2021-08-31T10:36:43.000Z",
    "dateReserved": "2021-08-30T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:09:08.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3649 (GCVE-0-2021-3649)

Vulnerability from cvelistv5 – Published: 2021-07-16 13:33 – Updated: 2024-08-03 17:01
VLAI
Title
Inefficient Regular Expression Complexity in chatwoot/chatwoot
Summary
chatwoot is vulnerable to Inefficient Regular Expression Complexity
CWE
  • CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
Impacted products
Vendor Product Version
chatwoot chatwoot/chatwoot Affected: unspecified , ≤ 1.11.1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:07.709Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/1625088985607-chatwoot/chatwoot"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/chatwoot/chatwoot/commit/aa7db90cd2d23dbcf22a94f1e4c100dd909e2172"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "chatwoot/chatwoot",
          "vendor": "chatwoot",
          "versions": [
            {
              "lessThanOrEqual": "1.11.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "chatwoot is vulnerable to Inefficient Regular Expression Complexity"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-16T13:33:25.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/1625088985607-chatwoot/chatwoot"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/chatwoot/chatwoot/commit/aa7db90cd2d23dbcf22a94f1e4c100dd909e2172"
        }
      ],
      "source": {
        "advisory": "1625088985607-chatwoot/chatwoot",
        "discovery": "EXTERNAL"
      },
      "title": "Inefficient Regular Expression Complexity in chatwoot/chatwoot",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2021-3649",
          "STATE": "PUBLIC",
          "TITLE": "Inefficient Regular Expression Complexity in chatwoot/chatwoot"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "chatwoot/chatwoot",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "1.11.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "chatwoot"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "chatwoot is vulnerable to Inefficient Regular Expression Complexity"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1333 Inefficient Regular Expression Complexity"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/1625088985607-chatwoot/chatwoot",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/1625088985607-chatwoot/chatwoot"
            },
            {
              "name": "https://github.com/chatwoot/chatwoot/commit/aa7db90cd2d23dbcf22a94f1e4c100dd909e2172",
              "refsource": "MISC",
              "url": "https://github.com/chatwoot/chatwoot/commit/aa7db90cd2d23dbcf22a94f1e4c100dd909e2172"
            }
          ]
        },
        "source": {
          "advisory": "1625088985607-chatwoot/chatwoot",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2021-3649",
    "datePublished": "2021-07-16T13:33:25.000Z",
    "dateReserved": "2021-07-15T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:01:07.709Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Use regular expressions that do not support backtracking, e.g. by removing nested quantifiers.

Mitigation
System Configuration

Set backtracking limits in the configuration of the regular expression implementation, such as PHP's pcre.backtrack_limit. Also consider limits on execution time for the process.

Mitigation
Implementation

Do not use regular expressions with untrusted input. If regular expressions must be used, avoid using backtracking in the expression.

Mitigation
Implementation

Limit the length of the input that the regular expression will process.

CAPEC-492: Regular Expression Exponential Blowup

An adversary may execute an attack on a program that uses a poor Regular Expression(Regex) implementation by choosing input that results in an extreme situation for the Regex. A typical extreme situation operates at exponential time compared to the input size. This is due to most implementations using a Nondeterministic Finite Automaton(NFA) state machine to be built by the Regex algorithm since NFA allows backtracking and thus more complex regular expressions.