PT-2021-15464 · Unknown · Browserslist

Yeting Li

·

Published

2021-04-28

·

Updated

2023-08-08

·

CVE-2021-23364

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions browserslist versions 4.0.0 through 4.16.5
Description The issue concerns a Regular Expression Denial of Service (ReDoS) that occurs during the parsing of queries.
Recommendations For versions 4.0.0 through 4.16.5, update to a version after 4.16.5 to resolve the issue.

Exploit

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-1333CWE-400

Related Identifiers

CVE-2021-23364
GHSA-W8QV-6JWH-64R5
SNYK-JAVA-ORGWEBJARSNPM-1277182
SNYK-JS-BROWSERSLIST-1090194

Affected Products

Browserslist