How severe is CVE-2021-4437?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2021-4437?

This is classified as CWE-1333, which is a common weakness in software security.

CVE-2021-4437

MEDIUM Year: 2021

CVSS v3 Score

6.5

Medium

CVSS v2 Score

2.7

Low

Weakness Type

CWE-1333

View all →

Vulnerability Description

A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The manipulation leads to inefficient regular expression complexity. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as f689404d830cbc1edd6a1018d3334ff5f44dc6a6. It is recommended to upgrade the affected component. VDB-253406 is the identifier assigned to this vulnerability.

CVE-2019-16215

MEDIUM

CVSS:6.5(Medium)

The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server ...

CWE-13332019

CVE-2021-25292

MEDIUM

CVSS:6.5(Medium)

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

CWE-13332021

CVE-2021-39933

MEDIUM

CVSS:6.5(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A r...

CWE-13332021

CVE-2021-39940

MEDIUM

CVSS:6.5(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitL...

CWE-13332021

CVE-2021-46823

MEDIUM

CVSS:6.5(Medium)

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP sche...

CWE-13332021

CVE-2022-23548

MEDIUM

CVSS:6.5(Medium)

Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible t...

CWE-13332022

CVE-2021-4437

Vulnerability Description

Related Vulnerabilities

CVE-2019-16215

CVE-2021-25292

CVE-2021-39933

CVE-2021-39940

CVE-2021-46823

CVE-2022-23548