Description
This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process.
The html-parse-stringify library, as well as its fork html-parse-stringify2, is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. Certain inputs could cause one of the regular expressions used for parsing to backtrack, freezing the process.
Statement
Access to the vulnerable library is protected by RHACM authentication, reducing the impact of this flaw to LOW.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-rhel8 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8 | rhacm2/search-ui-rhel8 | Fixed | RHSA-2021:3016 | 06.08.2021 |
Additional information
CVSS3: 5.3 Medium
Related vulnerabilities
html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)