
CVE-2020-28500

Published: 15 Feb 2021
Source: redhat
CVSS3: 5.3

Description

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible.

Statement

In OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low. While Red Hat Virtualization's cockpit-ovirt has a dependency on lodash it doesn't use the vulnerable toNumber, trim, or trimEnd functions. While Red Hat Quay has a dependency on lodash via restangular it doesn't use the vulnerable toNumber, trim, or trimEnd functions.

Affected packages

Platform                                              | Package               | Status       | Recommendation | Release
OpenShift Service Mesh 2.0                            | kiali                 | Affected     |                |
OpenShift Service Mesh 2.0                            | servicemesh-grafana   | Affected     |                |
OpenShift Service Mesh 2.0                            | servicemesh-prometheus| Affected     |                |
Red Hat Advanced Cluster Management for Kubernetes 2  | console-api           | Affected     |                |
Red Hat Advanced Cluster Management for Kubernetes 2  | console-header        | Not affected |                |
Red Hat Advanced Cluster Management for Kubernetes 2  | console-ui            | Not affected |                |
Red Hat Advanced Cluster Management for Kubernetes 2  | grc-ui                | Not affected |                |
Red Hat Advanced Cluster Management for Kubernetes 2  | grc-ui-api            | Not affected |                |
Red Hat Advanced Cluster Management for Kubernetes 2  | kui-web-terminal      | Affected     |                |
Red Hat Advanced Cluster Management for Kubernetes 2  | mcm-topology          | Not affected |                |

Additional information

Status: Moderate
Defect: CWE-400
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1928954 (nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions)

CVSS3: 5.3 (Medium)

Related vulnerabilities

CVSS3: 5.3
ubuntu
almost 5 years ago

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

CVSS3: 5.3
nvd
almost 5 years ago

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.

CVSS3: 5.3
debian
almost 5 years ago

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression ...

CVSS3: 5.3
github
about 4 years ago

Regular Expression Denial of Service (ReDoS) in lodash

CVSS3: 7.3
fstec
more than 4 years ago

Vulnerability in the toNumber, trim and trimEnd functions of the lodash library in the Аврора Центр application software, related to uncontrolled resource consumption, allowing an attacker to cause a denial of service