NodeJS/hosted-git-info/2.8.8
Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab
https://www.npmjs.com/package/hosted-git-info
ISC
1 Security Vulnerabilities
Regular Expression Denial of Service in hosted-git-info
Published date: 2021-05-06T16:10:39Z
CVE: CVE-2021-23362
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2021-23362
- https://github.com/advisories/GHSA-43f8-2h32-f4cj
- https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088356
- https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355
- https://github.com/npm/hosted-git-info/pull/76
- https://github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7
- https://github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01
- https://github.com/npm/hosted-git-info/commits/v2
- https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
The npm package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity
Affected versions:
["1.0.0", "1.1.0", "1.2.0", "1.3.0", "1.4.0", "1.5.0", "1.5.1", "1.5.2", "1.5.3", "1.6.0", "2.0.0", "2.0.1", "2.0.2", "2.0.3", "2.1.0", "2.1.1", "2.1.2", "2.1.3", "2.1.4", "2.1.5", "2.2.0", "2.3.0", "2.3.1", "2.4.0", "2.4.1", "2.4.2", "2.5.0", "2.6.0", "2.6.1", "2.7.0", "2.7.1", "2.8.0", "2.8.1", "2.8.2", "2.8.3", "2.8.4", "2.8.5", "2.8.6", "2.8.7", "2.8.8", "3.0.0", "3.0.1", "3.0.2", "3.0.3", "3.0.4", "3.0.5", "3.0.6", "3.0.7"]
Secure versions:
[3.0.8, 4.0.0, 4.0.1, 4.0.2, 2.8.9, 4.1.0, 5.0.0, 5.1.0, 6.0.0, 6.1.0, 5.2.0, 5.2.1, 6.1.1, 7.0.0, 7.0.1]
Recommendation:
Update to version 7.0.1.
63 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 7.0.1 | ISC | 2023-09-13 - 14:45 | 8 months | |
| 7.0.0 | ISC | 2023-08-14 - 23:19 | 8 months | |
| 6.1.1 | ISC | 2022-10-27 - 22:38 | over 1 year | |
| 6.1.0 | ISC | 2022-10-26 - 19:28 | over 1 year | |
| 6.0.0 | ISC | 2022-10-12 - 19:28 | over 1 year | |
| 5.2.1 | ISC | 2022-10-27 - 22:37 | over 1 year | |
| 5.2.0 | ISC | 2022-10-26 - 19:32 | over 1 year | |
| 5.1.0 | ISC | 2022-08-09 - 20:07 | over 1 year | |
| 5.0.0 | ISC | 2022-03-14 - 22:17 | about 2 years | |
| 4.1.0 | ISC | 2022-01-06 - 16:16 | over 2 years | |
| 4.0.2 | ISC | 2021-03-24 - 16:08 | about 3 years | |
| 4.0.1 | ISC | 2021-03-18 - 15:24 | about 3 years | |
| 4.0.0 | ISC | 2021-03-09 - 18:34 | about 3 years | |
| 3.0.8 | ISC | 2021-01-28 - 18:20 | about 3 years | |
| 3.0.7 | ISC | 1 | 2020-10-15 - 23:06 | over 3 years |
| 3.0.6 | ISC | 1 | 2020-10-12 - 23:08 | over 3 years |
| 3.0.5 | ISC | 1 | 2020-07-11 - 01:06 | almost 4 years |
| 3.0.4 | ISC | 1 | 2020-02-26 - 23:47 | about 4 years |
| 3.0.3 | ISC | 1 | 2020-02-25 - 17:18 | about 4 years |
| 3.0.2 | ISC | 1 | 2019-10-08 - 00:12 | over 4 years |
| 3.0.1 | ISC | 1 | 2019-10-07 - 23:35 | over 4 years |
| 3.0.0 | ISC | 1 | 2019-08-12 - 16:19 | over 4 years |
| 2.8.9 | ISC | 2021-04-07 - 20:04 | about 3 years | |
| 2.8.8 | ISC | 1 | 2020-02-29 - 22:43 | about 4 years |
| 2.8.7 | ISC | 1 | 2020-02-26 - 23:42 | about 4 years |
| 2.8.6 | ISC | 1 | 2020-02-25 - 17:16 | about 4 years |
| 2.8.5 | ISC | 1 | 2019-10-07 - 23:34 | over 4 years |
| 2.8.4 | ISC | 1 | 2019-08-12 - 23:44 | over 4 years |
| 2.8.3 | ISC | 1 | 2019-08-12 - 16:18 | over 4 years |
| 2.8.2 | ISC | 1 | 2019-08-05 - 06:51 | over 4 years |
| 2.8.1 | ISC | 1 | 2019-08-05 - 05:58 | over 4 years |
| 2.8.0 | ISC | 1 | 2019-08-05 - 01:34 | over 4 years |
| 2.7.1 | ISC | 1 | 2018-07-07 - 01:02 | almost 6 years |
| 2.7.0 | ISC | 1 | 2018-07-06 - 23:42 | almost 6 years |
| 2.6.1 | ISC | 1 | 2018-06-25 - 19:42 | almost 6 years |
| 2.6.0 | ISC | 1 | 2018-03-07 - 22:20 | about 6 years |
| 2.5.0 | ISC | 1 | 2017-06-26 - 20:25 | almost 7 years |
| 2.4.2 | ISC | 1 | 2017-04-13 - 22:54 | about 7 years |
| 2.4.1 | ISC | 1 | 2017-03-22 - 04:32 | about 7 years |
| 2.4.0 | ISC | 1 | 2017-03-22 - 04:31 | about 7 years |
| 2.3.1 | ISC | 1 | 2017-03-18 - 00:37 | about 7 years |
| 2.3.0 | ISC | 1 | 2017-03-18 - 00:25 | about 7 years |
| 2.2.0 | ISC | 1 | 2017-02-06 - 07:24 | about 7 years |
| 2.1.5 | ISC | 1 | 2016-05-17 - 21:01 | almost 8 years |
| 2.1.4 | ISC | 1 | 2015-05-21 - 18:50 | almost 9 years |
| 2.1.3 | ISC | 1 | 2015-05-21 - 18:46 | almost 9 years |
| 2.1.2 | ISC | 1 | 2015-04-11 - 17:34 | about 9 years |
| 2.1.1 | ISC | 1 | 2015-04-10 - 10:06 | about 9 years |
| 2.1.0 | ISC | 1 | 2015-04-09 - 18:02 | about 9 years |
| 2.0.3 | ISC | 1 | 2015-04-08 - 21:28 | about 9 years |
| 2.0.2 | ISC | 1 | 2015-04-06 - 22:08 | about 9 years |
| 2.0.1 | ISC | 1 | 2015-04-06 - 22:06 | about 9 years |
| 2.0.0 | ISC | 1 | 2015-04-06 - 21:49 | about 9 years |
| 1.6.0 | ISC | 1 | 2015-04-06 - 21:38 | about 9 years |
| 1.5.3 | ISC | 1 | 2015-01-23 - 20:16 | over 9 years |
| 1.5.2 | ISC | 1 | 2014-12-30 - 19:14 | over 9 years |
| 1.5.1 | ISC | 1 | 2014-12-30 - 19:02 | over 9 years |
| 1.5.0 | ISC | 1 | 2014-11-25 - 00:37 | over 9 years |
| 1.4.0 | ISC | 1 | 2014-10-28 - 08:14 | over 9 years |
| 1.3.0 | ISC | 1 | 2014-10-28 - 04:36 | over 9 years |
| 1.2.0 | ISC | 1 | 2014-10-28 - 02:04 | over 9 years |
| 1.1.0 | ISC | 1 | 2014-10-17 - 11:13 | over 9 years |
| 1.0.0 | ISC | 1 | 2014-10-09 - 18:34 | over 9 years |