Описание
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
A flaw was found in nodejs-kind-of. An external user is allowed input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
Отчет
While some components do package a vulnerable version of kind-of, access to them requires OpenShift OAuth credentials and hence have been marked with a Low impact. This applies to the following products:
- OpenShift ServiceMesh (OSSM)
- Red Hat Advanced Cluster Management for Kubernetes (RHACM)
- OpenShift distributed tracing
- OpenShift Data Foundation
In Openshift Container Platform (OCP) 4.6 the openshift4/ose-logging-kibana container delivers a vulnerable version of
kind-of, however OCP 4.6 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities. Since the release of OCP 4.7 this component is now delivered as part of the OpenShift Logging product (openshift-logging/kibana6-rhel8 container). Further, OCP 3.11 has been set to Will not fix, as OCP 3.11 is moving into maintenance phase of support. In Red Hat Virtualization some components do package a version ofkind-of, however none use an affected version (later than 6.0.0, prior to 6.0.3)
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Will not fix | ||
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Affected | ||
| OpenShift Service Mesh 2.0 | servicemesh-prometheus | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/application-ui-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-api-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-header-rhel8 | Will not fix | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-rhel8 | Fix deferred | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-ui-rhel8 | Will not fix | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/grc-ui-api-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/grc-ui-rhel8 | Not affected |
Показывать по
Дополнительная информация
Статус:
5.9 Medium
CVSS3
Связанные уязвимости
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
ctorName in index.js in kind-of v6.0.2 allows external user input to o ...
5.9 Medium
CVSS3