{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-30T02:52:50.722","vulnerabilities":[{"cve":{"id":"CVE-2021-32723","sourceIdentifier":"security-advisories@github.com","published":"2021-06-28T20:15:07.857","lastModified":"2026-06-17T03:53:30.117","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight. This problem has been fixed in Prism v1.24. As a workaround, do not use ASCIIDoc or ERB to highlight untrusted text. Other languages are not affected and can be used to highlight untrusted text."},{"lang":"es","value":"Prism es una biblioteca de resaltado de sintaxis. Algunos lenguajes anteriores a la versión 1.24.0, son vulnerables a una Denegación de Servicio por Expresiones Regulares (ReDoS). Cuando Prism es usado para resaltar texto no confiable (dado por el usuario), un atacante puede diseñar una cadena que tardará mucho tiempo en ser resaltada. Este problema ha sido corregido en Prism versión v1.24. Como solución alternativa , no utilice ASCIIDoc o ERB para resaltar texto no confiable. Otros lenguajes no están afectados y pueden ser usados para resaltar texto no confiable"}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"PrismJS","product":"prism","versions":[{"version":"< 1.24","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:prismjs:prism:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.24.0","matchCriteriaId":"7E2F5A9C-1C99-4F59-9A07-2342B171C39C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*","versionEndExcluding":"21.1.4","matchCriteriaId":"485DEB26-3C1D-4FEC-A9C1-D95BFE3B967E"}]}]}],"references":[{"url":"https://github.com/PrismJS/prism/pull/2688","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/PrismJS/prism/pull/2774","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/PrismJS/prism/security/advisories/GHSA-gj77-59wh-66hg","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/PrismJS/prism/pull/2688","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/PrismJS/prism/pull/2774","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/PrismJS/prism/security/advisories/GHSA-gj77-59wh-66hg","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}