CVE-2021-43309: Incorrect Comparison

August 25, 2022 (updated September 9, 2022)

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the “URI.expand” method

References

github.com/advisories/GHSA-chw2-6c7r-37p7
github.com/litejs/uri-template-lite/commit/cbeec2b2a275d819fb534137a155df14729706f8
nvd.nist.gov/vuln/detail/CVE-2021-43309
research.jfrog.com/vulnerabilities/uri-template-lite-redos-xray-211351/

Code Behaviors & Features

Detect and mitigate CVE-2021-43309 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →