{"id":"CVE-2021-3804","details":"taro is vulnerable to Inefficient Regular Expression Complexity","aliases":["GHSA-468q-v4jj-485h"],"modified":"2026-04-10T04:36:30.586522Z","published":"2021-09-17T07:15:09.213Z","references":[{"type":"FIX","url":"https://github.com/nervjs/taro/commit/acadb6c826ba57f2030a626f1de4f7b4608fcdb5"},{"type":"FIX","url":"https://huntr.dev/bounties/0ebe85e6-cc85-42b8-957e-18d8df277414"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nervjs/taro","events":[{"introduced":"0"},{"fixed":"dfea7ab7ac6f5abb8bb344595eadc0993d752eae"},{"fixed":"acadb6c826ba57f2030a626f1de4f7b4608fcdb5"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.3.9"}]}}],"versions":["ls","v0.0.1","v0.0.10","v0.0.11","v0.0.12","v0.0.13","v0.0.14","v0.0.15","v0.0.16","v0.0.17","v0.0.18","v0.0.19","v0.0.2","v0.0.20","v0.0.21","v0.0.22","v0.0.23","v0.0.24","v0.0.25","v0.0.26","v0.0.27","v0.0.28","v0.0.29","v0.0.3","v0.0.30","v0.0.31","v0.0.32","v0.0.34","v0.0.4","v0.0.45","v0.0.46","v0.0.47","v0.0.48","v0.0.49","v0.0.5","v0.0.50","v0.0.6","v0.0.7","v0.0.8","v0.0.9","v1.0.0-beta.10","v1.0.0-beta.11","v1.0.0-beta.20","v1.1.9","v1.2.0","v1.2.0-beta.10","v1.2.0-beta.11","v1.2.0-beta.12","v1.2.0-beta.13","v1.2.0-beta.14","v1.2.0-beta.16","v1.2.0-beta.2","v1.2.0-beta.3","v1.2.0-beta.4","v1.2.0-beta.8","v1.2.0-beta.9","v1.2.1","v1.2.16","v1.2.17","v1.2.18","v1.2.19","v1.2.2","v1.2.20","v1.2.25","v1.2.26","v1.2.3","v1.2.4","v1.2.5","v1.2.6","v1.2.7","v1.2.8","v1.3.0","v1.3.0-beta.0","v1.3.0-beta.1","v1.3.0-beta.2","v1.3.0-beta.3","v1.3.0-beta.4","v1.3.0-beta.5","v1.3.0-beta.6","v1.3.0-beta.7","v1.3.0-beta.8","v1.3.1","v1.3.11","v1.3.12","v1.3.13","v1.3.14","v1.3.16","v1.3.18","v1.3.19","v1.3.2","v1.3.20","v1.3.21","v1.3.3","v1.3.4","v1.3.5","v1.3.6","v1.3.7","v1.3.8","v1.3.9","v3.0.0","v3.0.0-alpha.0","v3.0.0-alpha.1","v3.0.0-alpha.2","v3.0.0-alpha.3","v3.0.0-alpha.4","v3.0.0-alpha.5","v3.0.0-alpha.6","v3.0.0-alpha.7","v3.0.0-alpha.8","v3.0.0-alpha.9","v3.0.0-beta.0","v3.0.0-beta.1","v3.0.0-beta.2","v3.0.0-beta.3","v3.0.0-beta.4","v3.0.0-beta.5","v3.0.0-beta.6","v3.0.0-experimental.2","v3.0.0-experimental.3","v3.0.0-experimental.4","v3.0.0-experimental.5","v3.0.0-rc.0","v3.0.0-rc.1","v3.0.0-rc.2","v3.0.0-rc.3","v3.0.0-rc.4","v3.0.0-rc.5","v3.0.0-rc.6","v3.0.10","v3.0.11","v3.0.12","v3.0.13","v3.0.14","v3.0.15","v3.0.16","v3.0.17","v3.0.18","v3.0.19","v3.0.2","v3.0.20","v3.0.21","v3.0.22","v3.0.23","v3.0.24","v3.0.25","v3.0.26","v3.0.27","v3.0.28","v3.0.3","v3.0.4","v3.0.5","v3.0.6","v3.0.7","v3.0.8","v3.0.9","v3.1.0","v3.1.1","v3.1.2","v3.1.3","v3.1.4","v3.1.5","v3.2.0","v3.2.1","v3.2.10","v3.2.11","v3.2.12","v3.2.13","v3.2.14","v3.2.15","v3.2.16","v3.2.2","v3.2.3","v3.2.4","v3.2.5","v3.2.6","v3.2.7","v3.2.8","v3.2.9","v3.3.0","v3.3.1","v3.3.2","v3.3.3","v3.3.4","v3.3.5","v3.3.6","v3.3.7","v3.3.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3804.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}