CVE-2021-33623

NameCVE-2021-33623
DescriptionThe trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
node-trim-newlines (PTS)buster, stretch1.0.0-1vulnerable
bullseye3.0.0-1+deb11u1fixed
bookworm, sid3.0.0+~3.0.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
node-trim-newlinessourcestretch(unfixed)end-of-life
node-trim-newlinessourcebullseye3.0.0-1+deb11u1
node-trim-newlinessource(unstable)3.0.0+~3.0.0-1

Notes

[buster] - node-trim-newlines <no-dsa> (Minor issue)
[stretch] - node-trim-newlines <end-of-life> (Nodejs in stretch not covered by security support)
https://github.com/advisories/GHSA-7p7h-4mm5-852v

Search for package or bug name: Reporting problems