Description
All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.
Report
OpenShift console container does package a vulnerable version of datatables.net; however, as access to the vulnerable component is restricted via OpenShift OAuth, the vulnerability is rated with an impact of Low.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 1 | kiali | Out of support scope | | |
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-console | Fix deferred | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-console | Fix deferred | | |
| Red Hat Single Sign-On 7 | keycloak-theme | Will not fix | | |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | cockpit-ovirt | Fixed | RHSA-2021:1184 | 14.04.2021 |
| Red Hat Virtualization Engine 4.4 | ovirt-web-ui | Fixed | RHSA-2021:1169 | 14.04.2021 |
| Red Hat Virtualization Engine 4.4 | ovirt-engine-ui-extensions | Fixed | RHSA-2021:1186 | 14.04.2021 |
Additional information
Status:
EPSS
CVSS3: 7.3 High
Related vulnerabilities
All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.
datatables.net vulnerable to Prototype Pollution due to incomplete fix
Vulnerability in the datatables.net package of the DataTables library that allows an attacker to execute arbitrary code or cause a denial of service