Описание
All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing.
A flaw was found in nodejs-trim-off-newlines. All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing. The highest threat from this vulnerability is to system availability.
Отчет
The Red Hat Directory Server 11 Web UI requires trim-off-newlines as a dependency, but it is not used in the 389-ds cockpit plugin, and not shipped as part of the RPM binary. Thus Red Hat Directory Server 11 is not affected by this flaw.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Directory Server 11 | redhat-ds:11/389-ds-base | Not affected | ||
| Red Hat Virtualization 4 | ovirt-web-ui | Not affected | ||
| Red Hat Virtualization Engine 4.4 | ovirt-engine-ui-extensions | Fixed | RHSA-2022:4711 | 26.05.2022 |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing.
Uncontrolled Resource Consumption in trim-off-newlines
5.3 Medium
CVSS3