Description
This affects all versions of package immer.
Report
Red Hat Virtualization includes an affected version of nodejs-immer; however, the usage does not meet the conditions required to exploit the flaw, therefore the impact is Low. In OpenShift Container Platform 4.6 (OCP) the openshift4/ose-prometheus container ships the vulnerable version of nodejs-immer; however, the Prometheus react-ui is disabled, hence this flaw cannot be exploited. As the openshift4/ose-prometheus container still packages the vulnerable code, this component is affected with impact Low. This may be fixed in a future release.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 1 | kiali | Not affected | | |
| OpenShift Service Mesh 1 | servicemesh-grafana | Not affected | | |
| OpenShift Service Mesh 1 | servicemesh-prometheus | Not affected | | |
| OpenShift Service Mesh 2.0 | kiali | Not affected | | |
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Not affected | | |
| OpenShift Service Mesh 2.0 | servicemesh-prometheus | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | configmap-watcher | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | endpoint-component-operator | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | management-ingress | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/acmesolver-rhel8 | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 7.5 High
Related vulnerabilities
A vulnerability in the immer library of the Аврора Центр (Aurora Center) application software, related to uncontrolled modification of object prototype attributes, which allows an attacker to carry out a "prototype pollution" attack
EPSS
CVSS3: 7.5 High