Описание
A regular expression denial of service flaw was found in Minimatch. An attacker able to make an application using Minimatch to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Mobile Application Platform 4 | fh-messaging | Not affected | ||
| Red Hat Mobile Application Platform 4 | mbaas | Not affected | ||
| Red Hat OpenShift Container Platform 3.2 | nodejs-accepts | Fixed | RHSA-2016:1605 | 11.08.2016 |
| Red Hat OpenShift Container Platform 3.2 | nodejs-express | Fixed | RHSA-2016:1605 | 11.08.2016 |
| Red Hat OpenShift Container Platform 3.2 | nodejs-mime-db | Fixed | RHSA-2016:1605 | 11.08.2016 |
| Red Hat OpenShift Container Platform 3.2 | nodejs-mime-types | Fixed | RHSA-2016:1605 | 11.08.2016 |
| Red Hat OpenShift Container Platform 3.2 | nodejs-minimatch | Fixed | RHSA-2016:1605 | 11.08.2016 |
| Red Hat OpenShift Container Platform 3.2 | nodejs-negotiator | Fixed | RHSA-2016:1605 | 11.08.2016 |
| Red Hat OpenShift Enterprise 3.1 | nodejs-accepts | Fixed | RHSA-2016:1605 | 11.08.2016 |
| Red Hat OpenShift Enterprise 3.1 | nodejs-express | Fixed | RHSA-2016:1605 | 11.08.2016 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1348509nodejs-minimatch: Regular expression denial-of-service
5.3 Medium
CVSS3
4.3 Medium
CVSS2
Связанные уязвимости
nvd
больше 7 лет назад
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10540. Reason: This candidate is a reservation duplicate of CVE-2016-10540. Notes: All CVE users should reference CVE-2016-10540 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
5.3 Medium
CVSS3
4.3 Medium
CVSS2