GHSA-h4hr-7fg3-h35w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-h4hr-7fg3-h35w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-h4hr-7fg3-h35w/GHSA-h4hr-7fg3-h35w.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-h4hr-7fg3-h35w
- Aliases
- Published
- 2021-03-01T19:52:33Z
- Modified
- 2025-01-08T07:12:14.111835Z
- Summary
- Denial of service in prismjs
- Details
-
The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the
prism-asciidoc,prism-rest,prism-tapandprism-eiffelcomponents. - Database specific
{ "nvd_published_at": "2021-02-18T16:15:00Z", "cwe_ids": [ "CWE-400" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-02-24T07:34:23Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-23341
- https://github.com/PrismJS/prism/issues/2583
- https://github.com/PrismJS/prism/pull/2584
- https://github.com/PrismJS/prism/commit/c2f6a64426f44497a675cb32dccb079b3eff1609
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1076583
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1076582
- https://snyk.io/vuln/SNYK-JS-PRISMJS-1076581
- https://www.npmjs.com/package/prismjs
Affected packages
npm / prismjs
Package
- Name
- prismjs
- View open source insights on deps.dev
- Purl
- pkg:npm/prismjs