Vulnerability Details : CVE-2021-4437
A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The manipulation leads to inefficient regular expression complexity. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as f689404d830cbc1edd6a1018d3334ff5f44dc6a6. It is recommended to upgrade the affected component. VDB-253406 is the identifier assigned to this vulnerability.
Products affected by CVE-2021-4437
- cpe:2.3:a:dbartholomae:lambda-middleware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-4437
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 12 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-4437
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.7
|
LOW | AV:A/AC:L/Au:S/C:N/I:N/A:P |
5.1
|
2.9
|
VulDB | 2024-02-12 |
3.5
|
LOW | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
2.1
|
1.4
|
VulDB | 2024-02-12 |
6.5
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST | 2024-10-11 |
CWE ids for CVE-2021-4437
-
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.Assigned by: cna@vuldb.com (Primary)
References for CVE-2021-4437
-
https://github.com/dbartholomae/lambda-middleware/commit/f689404d830cbc1edd6a1018d3334ff5f44dc6a6
fix(json-deserializer): fixed codeQL vulnerability · dbartholomae/lambda-middleware@f689404 · GitHubPatch
-
https://vuldb.com/?id.253406
CVE-2021-4437: dbartholomae lambda-middleware frameguard JSON Mime-Type JsonDeserializer.ts redos (ID 57)Third Party Advisory
-
https://vuldb.com/?ctiid.253406
CVE-2021-4437: dbartholomae lambda-middleware frameguard JSON Mime-Type JsonDeserializer.ts redos (ID 57)Permissions Required
-
https://github.com/dbartholomae/lambda-middleware/releases/tag/%40lambda-middleware%2Fframeguard_v1.1.0
Release @lambda-middleware/frameguard_v1.1.0 · dbartholomae/lambda-middleware · GitHubRelease Notes
-
https://github.com/dbartholomae/lambda-middleware/pull/57
Add the json-deserializer middleware package by matt-jenner · Pull Request #57 · dbartholomae/lambda-middleware · GitHubPatch
Jump to