PT-2021-4068 · Unknown+4 · Normalize-Url+4

Published: 2021-05-21 · Updated: 2023-08-08 · CVE-2021-33502

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: normalize-url versions 4.5.0 and earlier, 5.x before 5.3.1, and 6.x before 6.0.1

Description: The issue is a ReDoS (regular expression denial of service) flaw: the regular expression used to handle data: URLs takes exponential processing time on crafted input, which can lead to uncontrolled resource consumption. An attacker could exploit this issue to cause a denial of service.

Recommendations: For versions 4.5.0 and earlier, update to version 4.5.1 or later. For versions 5.x before 5.3.1, update to version 5.3.1 or later. For versions 6.x before 6.0.1, update to version 6.0.1 or later.

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2021:5171
ALSA-2022:0350
ALSA-2022:6595
AZL-44850
BDU:2021-04609
CESA-2021_5171
CESA-2022_0350
CVE-2021-33502
GHSA-PX4H-XG32-Q955
RHSA-2021:2931
RHSA-2021:2932
RHSA-2021:5171
RHSA-2021_5171
RHSA-2022:0246
RHSA-2022:0350
RHSA-2022:4711
RHSA-2022:6595
RHSA-2022_0350
RHSA-2022_6595
RLSA-2021:5171
RLSA-2022:0350
RLSA-2022:6595

Affected Products

Almalinux
Centos
Red Hat
Rocky Linux
Normalize-Url