Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-23341

Опубликовано: 18 фев. 2021
Источник: redhat
CVSS3: 7.5

Описание

The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.

A flaw was found in nodejs-prismjs. A Regular Expression Denial of Service (ReDoS) is possible via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.

Отчет

OpenShift Container Platform (OCP) and Red Hat Ceph Storage (RHCS) 3 and 4 grafana-container does package a vulnerable verison of prismjs. However due to the instance being read only and behind OpenShift OAuth, it has been given a Low impact. Additionally it has been marked as wont-fix at this time and may be fixed in a future release. OpenShift ServiceMesh (OSSM) ncludes a vulnerable version of prismjs. Due to the component being behind OpenShift OAuth and the vulnerability itself being limited to the syntax highlighting within grafana, it has been given a Low impact. The OSSM servicemesh-grafana component has been marked as wont-fix at this time and may be fixed in a future release. Red Hat Ceph Storage RHCS 3 and 4 grafana includes a vulnerable version of prismjs, however, due to the vulnerability itself being limited to the syntax highlighting within grafana, it has been given a Low impact. RHCS 3 and 4 have been marked as wont-fix at this time and may be fixed in a future release.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Service Mesh 2.0servicemesh-grafanaWill not fix
Red Hat Ceph Storage 3grafanaWill not fix
Red Hat Ceph Storage 4rhceph/rhceph-4-dashboard-rhel8Will not fix
Red Hat OpenShift Container Platform 3.11openshift3/grafanaWill not fix
Red Hat OpenShift Container Platform 4openshift4/ose-grafanaWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1930420nodejs-prismjs: Regular expression denial of service via prism-asciidoc prism-rest prism-tap and prism-eiffel components

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-23341

CVSS3: 7.5
ubuntu
почти 5 лет назад

The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.

nvd логотип

CVE-2021-23341

CVSS3: 7.5
nvd
почти 5 лет назад

The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.

debian логотип

CVE-2021-23341

CVSS3: 7.5
debian
почти 5 лет назад

The package prismjs before 1.23.0 are vulnerable to Regular Expression ...

github логотип

GHSA-h4hr-7fg3-h35w

github
почти 5 лет назад

Denial of service in prismjs

7.5 High

CVSS3