Rewterz Threat Advisory – CVE-2020-27171 – Linux Kernel information disclosure
March 22, 2021Rewterz Threat Advisory – Multiple Mozilla Security Vulnerabilities
March 24, 2021Rewterz Threat Advisory – CVE-2020-27171 – Linux Kernel information disclosure
March 22, 2021Rewterz Threat Advisory – Multiple Mozilla Security Vulnerabilities
March 24, 2021Severity
Medium
Analysis Summary
CVE-2021-21267
Node.js schema-inspector module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the Email address. By sending a specially-crafted regex string, a remote attacker could exploit this vulnerability to cause the program or web browser page to freeze, and results in a denial of service condition.
Impact
Denial of service
Affected Vendors
NodeJs
Affected Products
Node.js schema-inspector 1.7.0
Remediation
Upgrade to the latest version of schema-inspector (2.0.0 or later).