CVE-2021-23362

Summary

The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.

Affected Software

VendorProductVersion RangeStatus
n/ahosted-git-infounspecified < 3.0.8affected

Weaknesses

  • Regular Expression Denial of Service (ReDoS)

ADP Enrichment

CVE Program Container

Additional References

References