Описание
This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.
A Type Confusion vulnerability was found in node-jsonpointer. This issue leads to the bypass of a previous Prototype Pollution fix when the pointer components are arrays. This flaw allows an attacker to use objects of incompatible base types, leading to remote code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Отчет
In Red Hat Quay, JSON pointer is a development dependency, therefore the impact of this flaw is rated Low. A fix may be delivered in future Quay updates. Hadoop-container is affected, but it's deprecated since OpenShift Container Platform 4.6, hence marked as WONTFIX.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | kibana | Out of support scope | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-hadoop | Will not fix | ||
| Red Hat Quay 3 | quay/quay-rhel8 | Will not fix |
Показывать по
Дополнительная информация
Статус:
7.3 High
CVSS3
Связанные уязвимости
This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.
Уязвимость пакета jsonpointer программной платформы Node.js, позволяющая нарушителю выполнить произвольный код
7.3 High
CVSS3