Description
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.
Report
Red Hat Quay includes brace-expansion as a build-time dependency. It's not used at runtime and hence has a reduced impact of low.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Mobile Application Platform 4 | fh-aaa | Will not fix | ||
| Red Hat OpenShift Enterprise 3 | nodejs-brace-expansion | Will not fix | ||
| Red Hat Quay 3 | quay/quay-rhel8 | Fix deferred | ||
| Red Hat Software Collections | rh-nodejs4-nodejs-brace-expansion | Will not fix | ||
| Red Hat Software Collections | rh-nodejs6-nodejs-brace-expansion | Will not fix | ||
| Red Hat Software Collections | rh-nodejs8-nodejs-brace-expansion | Affected | ||
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nodejs8-nodejs | Fixed | RHSA-2020:2625 | 19.06.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | rh-nodejs8-nodejs | Fixed | RHSA-2020:2625 | 19.06.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | rh-nodejs8-nodejs | Fixed | RHSA-2020:2625 | 19.06.2020 |
Additional information
Status:
5.3 Medium
CVSS3