CVE-2021-23364

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-23364

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23364.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-23364

Aliases

GHSA-w8qv-6jwh-64r5

Downstream

UBUNTU-CVE-2021-23364

Related

SNYK-JAVA-ORGWEBJARSNPM-1277182
SNYK-JS-BROWSERSLIST-1090194

Published

2021-04-28T16:15:08Z

Modified

2025-07-01T12:02:48.170324Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.

References

Affected packages

Debian:11 / node-browserslist

Package

Name: node-browserslist
Purl: pkg:deb/debian/node-browserslist?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.16.3+~cs5.4.72-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / node-browserslist

Package

Name: node-browserslist
Purl: pkg:deb/debian/node-browserslist?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.16.3+~cs5.4.72-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / node-browserslist

Package

Name: node-browserslist
Purl: pkg:deb/debian/node-browserslist?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.16.3+~cs5.4.72-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/browserslist/browserslist

Affected ranges

Type: GIT
Repo: https://github.com/browserslist/browserslist
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c091916910dfe0b5fd61caad96083c6709b02d98

Affected versions

0.*

0.1.0

0.1.1

0.1.2

0.1.3

0.2.0

0.3.0

0.3.1

0.3.2

0.3.3

0.4.0

0.5.0

1.*

1.0.0

1.0.1

1.1.0

1.1.1

1.1.2

1.1.3

1.2.0

1.3.0

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.4.0

1.5.0

1.5.1

1.5.2

1.6.0

1.7.0

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.7.7

2.*

2.0.0

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.10.0

2.10.1

2.10.2

2.11.0

2.11.1

2.11.2

2.11.3

2.2.0

2.2.1

2.2.2

2.3.0

2.3.1

2.3.2

2.3.3

2.4.0

2.4.1

2.5.0

2.5.1

2.6.0

2.6.1

2.7.0

2.8.0

2.9.0

2.9.1

3.*

3.0.0

3.1.0

3.1.1

3.1.2

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.7

3.2.8

4.*

4.0.0

4.0.1

4.0.2

4.1.0

4.1.1

4.1.2

4.10.0

4.11.0

4.11.1

4.12.0

4.12.1

4.12.2

4.13.0

4.14.0

4.14.1

4.14.2

4.14.3

4.14.4

4.14.5

4.14.6

4.14.7

4.15.0

4.16.0

4.16.1

4.16.2

4.16.3

4.2.0

4.2.1

4.3.0

4.3.1

4.3.2

4.3.3

4.3.5

4.3.6

4.3.7

4.4.0

4.4.1

4.4.2

4.5.0

4.5.1

4.5.2

4.5.3

4.5.5

4.5.6

4.6.0

4.6.1

4.6.2

4.6.3

4.6.4

4.6.5

4.6.6

4.7.0

4.7.1

4.7.2

4.7.3

4.8.0

4.8.1

4.8.2

4.8.3

4.8.4

4.8.5

4.8.6

4.8.7

4.9.0

4.9.1