CVE-2018-1109

Опубликовано: 19 фев. 2018

Источник: redhat

CVSS3: 4

Описание

A vulnerability was found in Braces versions prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

A vulnerability was found in nodejs-braces. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks. The highest threat from this vulnerability is system availability.

Отчет

Red Hat Quay includes braces as a dependency of webpack. Braces is only used at build time, not at runtime, reducing the impact of this vulnerability to low.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Mobile Application Platform 4	nodejs-braces	Not affected
Red Hat OpenShift Enterprise 3	nodejs-braces	Not affected
Red Hat Software Collections	rh-nodejs4-nodejs-braces	Not affected
Red Hat Software Collections	rh-nodejs6-nodejs-braces	Not affected
Red Hat Software Collections	rh-nodejs8-nodejs-braces	Not affected
Red Hat Quay 3	quay/quay-rhel8	Fixed	RHSA-2021:3917	19.10.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-185->CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1547272nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js

4 Medium

CVSS3

Связанные уязвимости

CVE-2018-1109

CVSS3: 5.3

ubuntu

почти 5 лет назад

A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.

CVE-2018-1109

CVSS3: 5.3

nvd

почти 5 лет назад

A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.