CVE-2021-23490

High

The package parse-link-header before 2.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function.

snyk·CWE-400·Published 2021-12-24

CVSS

7.5

EPSS

0.02

KEV

Exploits

cve.orgen

135 chars

The package parse-link-header before 2.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function.

NVDen

135 chars

The package parse-link-header before 2.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function.

GHSAen

135 chars

The package parse-link-header before 2.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function.

NVDes

166 chars

El paquete parse-link-header versiones anteriores a 2.0.0, es vulnerable a la Denegación de Servicio por Expresión Regular (ReDoS) por medio de la función checkHeader

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	GHSA	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H