Vulnerability Details CVE-2021-23346
This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.2%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 5.0
References
- https://github.com/HenrikJoreteg/html-parse-stringify/blob/master/lib/parse.js%23L2
- https://github.com/HenrikJoreteg/html-parse-stringify/commit/c7274a48e59c92b2b7e906fedf9065159e73fe12
- https://github.com/rayd/html-parse-stringify2/blob/master/lib/parse.js%23L2
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1080633
- https://snyk.io/vuln/SNYK-JS-HTMLPARSESTRINGIFY-1079306
- https://snyk.io/vuln/SNYK-JS-HTMLPARSESTRINGIFY2-1079307
- https://github.com/HenrikJoreteg/html-parse-stringify/blob/master/lib/parse.js%23L2
- https://github.com/HenrikJoreteg/html-parse-stringify/commit/c7274a48e59c92b2b7e906fedf9065159e73fe12
- https://github.com/rayd/html-parse-stringify2/blob/master/lib/parse.js%23L2
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1080633
- https://snyk.io/vuln/SNYK-JS-HTMLPARSESTRINGIFY-1079306
- https://snyk.io/vuln/SNYK-JS-HTMLPARSESTRINGIFY2-1079307
Products affected by CVE-2021-23346
-
cpe:2.3:a:html-parse-stringify_project:html-parse-stringify:*