CVE-2017-16138

Published: 05 Sep 2017
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

Report

Red Hat Virtualization 4.2 EUS contained a vulnerable version of nodejs-mime in the ovirt-engine-dashboard package. This package has been removed in Red Hat Virtualization 4.2. Red Hat Quay includes mime as a dependency of Karma. It is only used at build time, not at runtime, so this vulnerability has a low impact on Red Hat Quay.

Affected packages

| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Mobile Application Platform 4 | rhmap45/fh-aaa | Not affected | | |
| Red Hat Mobile Application Platform 4 | rhmap-fh-appstore-docker | Not affected | | |
| Red Hat Mobile Application Platform 4 | rhmap-fh-mbaas-docker | Not affected | | |
| Red Hat Mobile Application Platform 4 | rhmap-fh-messaging-docker | Not affected | | |
| Red Hat Mobile Application Platform 4 | rhmap-fh-metrics-docker | Not affected | | |
| Red Hat Mobile Application Platform 4 | rhmap-fh-ngui-docker | Not affected | | |
| Red Hat Mobile Application Platform 4 | rhmap-fh-scm-docker | Not affected | | |
| Red Hat Mobile Application Platform 4 | rhmap-fh-statsd-docker | Not affected | | |
| Red Hat Mobile Application Platform 4 | rhmap-fh-supercore-docker | Not affected | | |
| Red Hat OpenShift Enterprise 3 | nodejs-mime | Will not fix | | |

Additional information

Status: Moderate
Weakness: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1500700 nodejs-mime: Regular expression Denial of Service

EPSS: 0.00433 (Low), percentile: 62%

CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 7 years ago

The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

CVSS3: 7.5
nvd
more than 7 years ago

The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.

CVSS3: 7.5
debian
more than 7 years ago

The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular express ...

CVSS3: 7.5
github
more than 7 years ago

mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input
