Severity
Medium
Analysis Summary
CVE-2021-23392
Node.js locutus module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the gopher_parsedir function. By sending a specially-crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Denial of Service
Affected Vendors
Node.js
Affected Products
- Node.js locutus 2.0.14
Remediation
Upgrade to the latest version of Locutus (2.0.15 or later), available from the NPM Web site.