CVE-2021-32723: 
JavaScript vulnerability analysis and mitigation

CVE-2021-32723 is a vulnerability in the Oracle Application Express (Prism) component of Oracle Database Server affecting versions prior to 21.1.4. The vulnerability was discovered and patched in Prism v1.24.0, released in 2021. This vulnerability affects the syntax highlighting functionality in specific language components, namely ASCIIDoc and ERB (Oracle Advisory, Prism Advisory).

The vulnerability is classified as a Regular Expression Denial of Service (ReDoS) issue. It allows low privileged attackers with Valid User Account privileges and network access via HTTP to compromise Oracle Application Express (Prism). The vulnerability has a CVSS 3.1 Base Score of 3.5 (Availability impacts) with the vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L) (Oracle Advisory).

When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take an extremely long time to highlight, leading to a denial of service condition. This specifically affects the ASCIIDoc and ERB language components, while other languages remain unaffected for highlighting untrusted text (Prism Advisory).

The vulnerability has been patched in Prism version 1.24.0. Users should upgrade to this version or later to mitigate the risk. For those unable to upgrade immediately, it is recommended to avoid using ASCIIDoc and ERB languages for highlighting untrusted text (Prism Advisory).