CVE-2021-4437

LOW

dbartholomae lambda-middleware frameguard <1.1.0 - Info Disclosure

Title source: llm

Description

A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The manipulation leads to inefficient regular expression complexity. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as f689404d830cbc1edd6a1018d3334ff5f44dc6a6. It is recommended to upgrade the affected component. VDB-253406 is the identifier assigned to this vulnerability.

References (5)

Core 5

Core References

Third Party Advisory vdb-entry

https://vuldb.com/?id.253406

Permissions Required signature permissions-required

https://vuldb.com/?ctiid.253406

Patch issue-tracking

https://github.com/dbartholomae/lambda-middleware/pull/57

Patch patch

https://github.com/dbartholomae/lambda-middleware/commit/f689404d830cbc1edd6a1018d3334ff5f44dc6a6

Release Notes patch

https://github.com/dbartholomae/lambda-middleware/releases/tag/%40lambda-middleware%2Fframeguard_v1.1.0

Scores

CVSS v3 3.5

EPSS 0.0045

EPSS Percentile 35.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-1333

Status published

Products (2)

dbartholomae/lambda-middleware < 1.0.4

lambda-middleware/json-deserializer 0 - 1.1.0npm

Published Feb 12, 2024

Tracked Since Feb 18, 2026