Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0aHItN2ZnMy1oMzV3

High EPSS: 0.01762% (0.81502 Percentile) EPSS:
Permalink JSON

Denial of service in prismjs

Affected Packages Affected Versions Fixed Versions
npm:prismjs
PURL: pkg:npm/prismjs
< 1.23.0 1.23.0
6,937 Dependent packages
218,739 Dependent repositories
48,720,004 Downloads last month

Affected Version Ranges

All affected versions

0.0.1, 1.1.0, 1.2.0, 1.3.0, 1.4.1, 1.5.0, 1.5.1, 1.6.0, 1.7.0, 1.8.0, 1.8.1, 1.8.3, 1.8.4, 1.9.0, 1.10.0, 1.11.0, 1.12.0, 1.12.2, 1.13.0, 1.14.0, 1.15.0, 1.16.0, 1.17.0, 1.17.1, 1.18.0, 1.19.0, 1.20.0, 1.21.0, 1.22.0

All unaffected versions

1.23.0, 1.24.0, 1.24.1, 1.25.0, 1.26.0, 1.27.0, 1.28.0, 1.29.0, 1.30.0

The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.

References:

Identifiers

GHSA-h4hr-7fg3-h35w

CVE-2021-23341

Risk

Severity

High

EPSS

EPSS Percentage: 0.01762

EPSS Percentile: 0.81502

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/PrismJS/prism

Date and time

Published

over 4 years ago

Updated

about 2 years ago

API

JSON