CVE-2021-23364
Description
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
References
ExploitPatchThird Party Advisory
PatchThird Party Advisory
Third Party Advisory
Broken Link
ExploitPatchThird Party Advisory
CvssV3 impact
BaseSeverity | MEDIUM |
ConfidentialityImpact | NONE |
AttackComplexity | LOW |
Scope | UNCHANGED |
AttackVector | NETWORK |
AvailabilityImpact | LOW |
IntegrityImpact | NONE |
PrivilegesRequired | NONE |
BaseScore | 5.3 |
VectorString | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Version | 3.1 |
UserInteraction | NONE |
CvssV2 impact
AccessComplexity | LOW |
ConfidentialityImpact | NONE |
AvailabilityImpact | PARTIAL |
IntegrityImpact | NONE |
BaseScore | 5 |
VectorString | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Version | 2.0 |
AccessVector | NETWORK |
Authentication | NONE |