Seal Security

CVE-2021-33502

ReDoS in normalize-url

The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading

Vulnerability Details

Score

7.5

Score Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Versions

normalize-url >= 4.3.0 < 4.5.1; normalize-url >= 5.0.0 < 5.3.1; normalize-url >= 6.0.0 < 6.0.1

Severity

High

Ecosystem

JavaScript

Publish Date

June 8, 2021

Modified Date

November 7, 2023