CVE-2021-39157

Published: Aug 24, 2021

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in [detect-character-encoding v0.7.0](https://github.com/sonicdoe/detect-character-encoding/releases/tag/v0.7.0). No workaround are available and all users should update to resolve this issue.

Vendor	Product	Versions
sonicdoe	detect-character-encoding	affected `< 0.7.0`

Weaknesses (CWE)

CWE-755

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://github.com/sonicdoe/detect-character-encoding/security/advisories/GHSA-jqfh-8hw5-fqjr

x_refsource_CONFIRM

https://github.com/sonicdoe/detect-character-encoding/issues/15

x_refsource_MISC

https://github.com/sonicdoe/detect-character-encoding/commit/992a11007fff6cfd40b952150ab8d30410c4a20a

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-39157

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References