CVE-2021-33623

NameCVE-2021-33623
DescriptionThe trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3247-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
node-trim-newlines (PTS)buster1.0.0-1vulnerable
buster (security)1.0.0-1+deb10u1fixed
bullseye3.0.0-1+deb11u1fixed
sid, trixie, bookworm3.0.0+~3.0.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
node-trim-newlinessourcestretch(unfixed)end-of-life
node-trim-newlinessourcebuster1.0.0-1+deb10u1DLA-3247-1
node-trim-newlinessourcebullseye3.0.0-1+deb11u1
node-trim-newlinessource(unstable)3.0.0+~3.0.0-1

Notes

[stretch] - node-trim-newlines <end-of-life> (Nodejs in stretch not covered by security support)
https://github.com/advisories/GHSA-7p7h-4mm5-852v
https://github.com/sindresorhus/trim-newlines/commit/25246c6ce5eea1c82d448998733a6302a4350d91 (v4.0.1)
https://github.com/sindresorhus/trim-newlines/commit/b10d5f4afef832b16bc56d49fc52c68cbd403869 (v3.0.1)
Search for package or bug name: Reporting problems