Description
The package ua-parser-js before 0.7.22 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
A flaw was found in nodejs-ua-parser-js. The software is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
Statement
Red Hat OpenShift Container Platform 4 delivers the kibana package, in which the ua-parser-js library is bundled, but during the update to container first (to openshift4/ose-logging-kibana6) the dependency was removed, and hence the kibana package is marked as wontfix. This may be fixed in the future.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Distributed Tracing Jaeger 1 | distributed-tracing/jaeger-all-in-one-rhel7 | Fix deferred |  |  |
| Distributed Tracing Jaeger 1 | distributed-tracing/jaeger-query-rhel7 | Fix deferred |  |  |
| OpenShift Service Mesh 1 | servicemesh-grafana | Not affected |  |  |
| Red Hat Advanced Cluster Management for Kubernetes 2 | nodejs-ua-parser-js | Fix deferred |  |  |
| Red Hat OpenShift Container Platform 3.11 | kibana | Fix deferred |  |  |
| Red Hat OpenShift Container Platform 3.11 | openshift3/grafana | Not affected |  |  |
| Red Hat OpenShift Container Platform 4 | kibana | Will not fix |  |  |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-grafana | Not affected |  |  |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-kibana6 | Fix deferred |  |  |
| Red Hat Storage 3 | grafana | Affected |  |  |
Additional information
Status:
EPSS
7.5 High
CVSS3
Related vulnerabilities
The package ua-parser-js before 0.7.22 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
Regular Expression Denial of Service in ua-parser-js
A vulnerability in the ua-parser-js library of the Aurora Center application software, related to uncontrolled resource consumption, which allows an attacker to cause a denial of service