CVE-2021-23343

Отчет

In Red Had Quay , whilst a vulnerable version of path-parse is included in the quay-rhel8 container it is a development dependency only, hence the impact by this vulnerability is low. In OpenShift Container Platform (OCP), the hadoop component which is a part of the OCP metering stack, ships the vulnerable version of 'path-parse'. Since the release of OCP 4.6, the metering product has been deprecated [1], hence the affected component is marked as wontfix. This may be fixed in the future. In Red Hat OpenShift Container Storage 4 the noobaa-core container includes the affected version of path-parse, however the vulnerable functionality is currently not used in any part of the product. In Red Hat Virtualization cockpit-ovirt, ovirt-engine-ui-extensions and ovirt-web-ui use vulnerable version of path-parse, however for cockpit-ovirt it is a development time dependency only, and for ovirt-engine-ui-extensions and ovirt-web-ui the vulnerable functions are never used. [1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated