Movatterモバイル変換

[0]ホーム
URL:

You are viewing this page in an unauthorized frame window.

This is a potential security issue, you are being redirected tohttps://nvd.nist.gov

U.S. flag  An official website of the United States government
Dot gov

Official websites use .gov
A.gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
Alock (Dot gov) orhttps:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

  • VulnerabilitiesExpand or Collapse
  • Vulnerability MetricsExpand or Collapse
  • ProductsExpand or Collapse

    CPE Dictionary

    CPE Search

    CPE Statistics

    SWID

  • DevelopersExpand or Collapse

    Start Here

    Request an API Key

    Vulnerabilities

    Products

    Data Sources

    Terms of Use

  • Contact NVD
  • Other SitesExpand or Collapse

    Checklist (NCP) Repository

    Configurations (CCE)

    800-53 Controls

    SCAPValidated Tools

    SCAP

    USGCB

  • SearchExpand or Collapse

    Vulnerability Search

    CPE Search

    • Information Technology Laboratory

    National Vulnerability Database

    National Vulnerability Database

    NVD

    National Vulnerability Database
    1. Vulnerabilities
    AddedReferenceAddedReferenceAddedReferenceAddedReference

    CVE-2021-3807 Detail

    Modified

    This CVE record has been updated after NVD enrichment efforts were completed. Enrichment data supplied by the NVD may require amendment due to these changes.

    Description

    ansi-regex is vulnerable to Inefficient Regular Expression Complexity


    Metrics

    NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
    CVSS 4.0 Severity and Vector Strings:

    NIST CVSS score
    NIST: NVD
    NVD assessment not yet provided.
    CVSS 3.x Severity and Vector Strings:

    NIST CVSS score
    NIST: NVD
    BaseScore: 7.5 HIGH
    Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Nist CVSS score does not match with CNA score
    CNA: huntr.dev
    BaseScore: 7.5 HIGH
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVSS 2.0 Severity and Vector Strings:

    National Institute of Standards and Technology
    NIST: NVD
    BaseScore: 7.8 HIGH
    Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)

    References to Advisories, Solutions, and Tools

    By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page tonvd@nist.gov.

    HyperlinkResource
    https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9Patch Third Party Advisory 
    https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9Patch Third Party Advisory 
    https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994Exploit Issue Tracking Patch Third Party Advisory 
    https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994Exploit Issue Tracking Patch Third Party Advisory 
    https://security.netapp.com/advisory/ntap-20221014-0002/Third Party Advisory 
    https://security.netapp.com/advisory/ntap-20221014-0002/Third Party Advisory 
    https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch Third Party Advisory 
    https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch Third Party Advisory 

    Weakness Enumeration

    CWE-IDCWE NameSource
    CWE-1333Inefficient Regular Expression Complexitycwe source acceptance levelNIST  huntr.dev  

    Known Affected Software ConfigurationsSwitch to CPE 2.2

    CPEs loading, please wait.

    Denotes Vulnerable Software
    Are we missing a CPE here? Please let us know.

    Change History

    10 change records foundshow changes

    CVE Modified by CVE11/21/2024 1:22:29 AM

    ActionTypeOld ValueNew Value
    https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9


    https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994


    https://security.netapp.com/advisory/ntap-20221014-0002/


    https://www.oracle.com/security-alerts/cpuapr2022.html


    CVE Modified by huntr.dev5/14/2024 5:25:18 AM

    ActionTypeOld ValueNew Value

    Reanalysis by NIST7/10/2023 3:01:59 PM

    ActionTypeOld ValueNew ValueAddedCWE
    NIST CWE-1333


    RemovedCWE
    NIST CWE-697


    Modified Analysis by NIST11/07/2022 1:43:13 PM

    ActionTypeOld ValueNew ValueChangedReference Type
    https://security.netapp.com/advisory/ntap-20221014-0002/ No Types Assigned


    https://security.netapp.com/advisory/ntap-20221014-0002/ Third Party Advisory


    CVE Modified by huntr.dev10/14/2022 9:15:11 AM

    ActionTypeOld ValueNew ValueAddedReference
    https://security.netapp.com/advisory/ntap-20221014-0002/ [No Types Assigned]


    Modified Analysis by NIST7/29/2022 10:45:01 PM

    ActionTypeOld ValueNew ValueAddedCWE
    NIST CWE-697


    RemovedCWE
    NIST NVD-CWE-Other


    AddedCPE Configuration
    OR     *cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*


    ChangedReference Type
    https://www.oracle.com/security-alerts/cpuapr2022.html No Types Assigned


    https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory


    CVE Modified by huntr.dev4/19/2022 8:16:20 PM

    ActionTypeOld ValueNew ValueAddedCWE
    huntr.dev CWE-1333


    AddedReference
    https://www.oracle.com/security-alerts/cpuapr2022.html [No Types Assigned]


    Reanalysis by NIST3/30/2022 12:37:34 PM

    ActionTypeOld ValueNew ValueChangedCPE Configuration
    OR     *cpe:2.3:a:ansi-regex_project:ansi-regex:*:*:*:*:*:node.js:*:* versions from (including) 3.0.0 up to (excluding) 5.0.1     *cpe:2.3:a:ansi-regex_project:ansi-regex:*:*:*:*:*:node.js:*:* versions from (including) 6.0.0 up to (excluding) 6.0.1


    OR     *cpe:2.3:a:ansi-regex_project:ansi-regex:3.0.0:*:*:*:*:node.js:*:*     *cpe:2.3:a:ansi-regex_project:ansi-regex:*:*:*:*:*:node.js:*:* versions from (including) 4.0.0 up to (excluding) 4.1.1     *cpe:2.3:a:ansi-regex_project:ansi-regex:5.0.0:*:*:*:*:node.js:*:*     *cpe:2.3:a:ansi-regex_project:ansi-regex:6.0.0:*:*:*:*:node.js:*:*


    Reanalysis by NIST10/19/2021 9:11:54 AM

    ActionTypeOld ValueNew ValueChangedCPE Configuration
    OR     *cpe:2.3:a:ansi-regex_project:ansi-regex:*:*:*:*:*:node.js:*:* versions up to (excluding) 5.0.1     *cpe:2.3:a:ansi-regex_project:ansi-regex:6.0.0:*:*:*:*:node.js:*:*


    OR     *cpe:2.3:a:ansi-regex_project:ansi-regex:*:*:*:*:*:node.js:*:* versions from (including) 3.0.0 up to (excluding) 5.0.1     *cpe:2.3:a:ansi-regex_project:ansi-regex:*:*:*:*:*:node.js:*:* versions from (including) 6.0.0 up to (excluding) 6.0.1


    Initial Analysis by NIST9/28/2021 12:04:19 PM

    ActionTypeOld ValueNew ValueAddedCVSS V3.1
    NIST AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H


    AddedCVSS V2
    NIST (AV:N/AC:L/Au:N/C:N/I:N/A:C)


    AddedCWE
    NIST NVD-CWE-Other


    AddedCPE Configuration
    OR     *cpe:2.3:a:ansi-regex_project:ansi-regex:*:*:*:*:*:node.js:*:* versions up to (excluding) 5.0.1     *cpe:2.3:a:ansi-regex_project:ansi-regex:6.0.0:*:*:*:*:node.js:*:*


    ChangedReference Type
    https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 No Types Assigned


    https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 Patch, Third Party Advisory


    ChangedReference Type
    https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994 No Types Assigned


    https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994 Exploit, Issue Tracking, Patch, Third Party Advisory


    Quick Info

    CVE Dictionary Entry:
    CVE-2021-3807
    NVD Published Date:
    09/17/2021
    NVD Last Modified:
    11/21/2024
    Source:
    huntr.dev
    [8]ページ先頭
    ©2009-2025 Movatter.jp