CVE-2021-3801Regex Denial of Service in Prism

CWE-1333Regex Denial of ServiceCWE-400Uncontrolled Resource Consumption7 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 48.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Prismjs PrismPrismjs Prism
Timeline
PublishedSep 15
Latest updateSep 20

Description

prism is vulnerable to Inefficient Regular Expression Complexity

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDprismjs/prism< 1.25.0
CVEListV5prismjs/prismjs_prismunspecified1.24.1

Patches

Patch: github.comPatch: huntr.devPatch: github.com

🔴Vulnerability Details

4
GHSA
prismjs Regular Expression Denial of Service vulnerability2021-09-20
OSV
prismjs Regular Expression Denial of Service vulnerability2021-09-20
OSV
CVE-2021-3801: prism is vulnerable to Inefficient Regular Expression Complexity2021-09-15
CVEList
Inefficient Regular Expression Complexity in prismjs/prism2021-09-15

📋Vendor Advisories

2
Red Hat
nodejs-prismjs: ReDoS vulnerability2021-09-11
Debian
CVE-2021-3801: node-prismjs - prism is vulnerable to Inefficient Regular Expression Complexity2021
CVE-2021-3801 — Regex Denial of Service in Prism | cvebase