CVE-2021-3807

NameCVE-2021-3807
Descriptionansi-regex is vulnerable to Inefficient Regular Expression Complexity
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs994568

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
node-ansi-regex (PTS)stretch2.0.0-1fixed
buster3.0.0-1+deb10u1fixed
bullseye5.0.1-1~deb11u1fixed
sid, trixie, bookworm5.0.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
node-ansi-regexsourcestretch(not affected)
node-ansi-regexsourcebuster3.0.0-1+deb10u1
node-ansi-regexsourcebullseye5.0.1-1~deb11u1
node-ansi-regexsource(unstable)5.0.1-1994568

Notes

[stretch] - node-ansi-regex <not-affected> (Vulnerable code introduced later)
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 (v6.0.1)
Search for package or bug name: Reporting problems