CVE-2021-23490 (High) detected in parse-link-header-1.0.1.tgz #1069
Labels
cve
Security vulnerabilities detected by Dependabot or Mend
medium severity
Medium severity CVE
Mend: dependency security vulnerability
Security vulnerability detected by Mend
v2.0.0
Comments
mend-for-github.aaakk.us.kg
bot
added
the
Mend: dependency security vulnerability
tmarkley
added
medium severity
mend-for-github.aaakk.us.kg
bot
changed the title
AMoo-Miki
pushed a commit
to AMoo-Miki/OpenSearch-Dashboards
that referenced
this issue
Feb 10, 2022
Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.3 to 6.5.4. - [Release notes](https://github.com/indutny/elliptic/releases) - [Commits](indutny/elliptic@v6.5.3...v6.5.4) Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2021-23490 - High Severity Vulnerability
Parses a link header and returns paging information for each contained link.
Library home page: https://registry.npmjs.org/parse-link-header/-/parse-link-header-1.0.1.tgz
Dependency Hierarchy:
Found in HEAD commit: 4fd064970b66ce555f48c22dfab6ed965d0e260a
Found in base branch: main
The package parse-link-header before 2.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function.
Publish Date: 2021-12-24
URL: CVE-2021-23490
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23490
Release Date: 2021-12-24
Fix Resolution: parse-link-header - 2.0.0
The text was updated successfully, but these errors were encountered: