An update for nodejs-hosted-git-info is now available for openEuler-20.03-LTS-SP1
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1168
Final
1.0
1.0
2021-05-06
Initial
2021-05-06
2021-05-06
openEuler SA Tool V1.0
2021-05-06
nodejs-hosted-git-info security update
An update for nodejs-hosted-git-info is now available for openEuler-20.03-LTS-SP1.
Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab
Security Fix(es):
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.(CVE-2021-23362)
An update for nodejs-hosted-git-info is now available for openEuler-20.03-LTS-SP1.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Medium
nodejs-hosted-git-info
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1168
https://openeuler.org/en/security/cve/detail.html?id=CVE-2021-23362
https://nvd.nist.gov/vuln/detail/CVE-2021-23362
openEuler-20.03-LTS-SP1
nodejs-hosted-git-info-2.1.4-2.oe1.noarch.rpm
nodejs-hosted-git-info-2.1.4-2.oe1.src.rpm
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
2021-05-06
CVE-2021-23362
openEuler-20.03-LTS-SP1
Medium
5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nodejs-hosted-git-info security update
2021-05-06
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1168