How severe is CVE-2021-43805?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2021-43805?

This is classified as CWE-1333, which is a common weakness in software security.

CVE-2021-43805

HIGH Year: 2021

CVSS v3 Score

7.5

High

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-1333

View all →

Vulnerability Description

Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity.

CVE-2015-10005

HIGH

CVSS:7.5(High)

A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regu...

CWE-13332015

CVE-2015-8315

HIGH

CVSS:7.5(High)

The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."

CWE-13332015

CVE-2015-8854

HIGH

CVSS:7.5(High)

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline ru...

CWE-13332015

CVE-2017-20165

HIGH

CVSS:7.5(High)

A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to ineff...

CWE-13332017

CVE-2018-25049

HIGH

CVSS:7.5(High)

A vulnerability was found in email-existence. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular...

CWE-13332018

CVE-2018-25061

HIGH

CVSS:7.5(High)

A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The...

CWE-13332018

CVE-2021-43805

Vulnerability Description

Related Vulnerabilities

CVE-2015-10005

CVE-2015-8315

CVE-2015-8854

CVE-2017-20165

CVE-2018-25049

CVE-2018-25061