CVE-2021-3801 - OpenCVE

prism is vulnerable to Inefficient Regular Expression Complexity

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Prismjs	Prism

Configuration 1 [-]

cpe:2.3:a:prismjs:prism:*:*:*:*:*:node.js:*:*

References

Link	Resource
https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9	Patch Third Party Advisory
https://huntr.dev/bounties/8c16ab31-6eb6-46d1-b9a4-387222fe1b8a	Exploit Issue Tracking Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: @huntrdev

Published: 2021-09-15T12:40:11

Updated: 2021-09-15T12:40:11

Reserved: 2021-09-14T00:00:00

Link: CVE-2021-3801

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-15T13:15:08.360

Modified: 2022-07-29T16:52:57.513

Link: CVE-2021-3801

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "prismjs/prism", "vendor": "prismjs", "versions": [{"lessThanOrEqual": "1.24.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "prism is vulnerable to Inefficient Regular Expression Complexity"}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1333", "description": "CWE-1333 Inefficient Regular Expression Complexity", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-15T12:40:11", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://huntr.dev/bounties/8c16ab31-6eb6-46d1-b9a4-387222fe1b8a"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9"}], "source": {"advisory": "8c16ab31-6eb6-46d1-b9a4-387222fe1b8a", "discovery": "EXTERNAL"}, "title": "Inefficient Regular Expression Complexity in prismjs/prism", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@huntr.dev", "ID": "CVE-2021-3801", "STATE": "PUBLIC", "TITLE": "Inefficient Regular Expression Complexity in prismjs/prism"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "prismjs/prism", "version": {"version_data": [{"version_affected": "<=", "version_value": "1.24.1"}]}}]}, "vendor_name": "prismjs"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "prism is vulnerable to Inefficient Regular Expression Complexity"}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-1333 Inefficient Regular Expression Complexity"}]}]}, "references": {"reference_data": [{"name": "https://huntr.dev/bounties/8c16ab31-6eb6-46d1-b9a4-387222fe1b8a", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/8c16ab31-6eb6-46d1-b9a4-387222fe1b8a"}, {"name": "https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9", "refsource": "MISC", "url": "https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9"}]}, "source": {"advisory": "8c16ab31-6eb6-46d1-b9a4-387222fe1b8a", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2021-3801", "datePublished": "2021-09-15T12:40:11", "dateReserved": "2021-09-14T00:00:00", "dateUpdated": "2021-09-15T12:40:11", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:prismjs:prism:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "266D072D-BFAD-4ACC-9ADA-91B03CA5EDA8", "versionEndExcluding": "1.25.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "prism is vulnerable to Inefficient Regular Expression Complexity"}, {"lang": "es", "value": "prism es vulnerable a una Complejidad de Expresi\u00f3n Regular Ineficiente"}], "id": "CVE-2021-3801", "lastModified": "2022-07-29T16:52:57.513", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-15T13:15:08.360", "references": [{"source": "security@huntr.dev", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/8c16ab31-6eb6-46d1-b9a4-387222fe1b8a"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1333"}], "source": "security@huntr.dev", "type": "Secondary"}]}