Description
The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.
Statement
Red Hat Quay includes the parsejson library as a build-time dependency. It is included by karma for testing and is not used at runtime.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Quay 3 | quay/quay-rhel8 | Not affected | | |
| Red Hat Virtualization 4 | ovirt-engine-dashboard | Not affected | | |
Additional information
Status: Moderate
Defect: CWE-20
nodejs-parsejson: Regular Denial of Service: https://bugzilla.redhat.com/show_bug.cgi?id=1588385
EPSS: 0.00303 (Low), percentile: 53%
CVSS3: 7.5 High
Related vulnerabilities
nvd, more than 7 years ago, CVSS3: 7.5
The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.