Incorrect Comparison

CVE-2021-43309

High

7.5/10

Summary

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package through 22.1.0, when an attacker is able to supply arbitrary input to the "URI.expand" method.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-697 - Incorrect Comparison

The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

References

Advisory
Disclosure
Release Note

Advisory Timeline

Published Aug 24, 2022

Incorrect Comparison

CVE-2021-43309

Summary

CWE-697 - Incorrect Comparison

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS