CVE-2021-33587

Published: 28 May 2021
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.

A flaw was found in nodejs-css-what. The css-what package for Node.js does not ensure that attribute parsing has a Linear Time Complexity relative to the size of the input. The highest threat from this vulnerability is to system availability.

Report

In OpenShift ServiceMesh (OSSM), Red Hat OpenShift Container Platform (RHOCP), and Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs css-what library to authenticated users only; therefore the impact is low. In Red Hat Virtualization, css-what is not a production dependency. An update may be provided in a future release.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Affected | | |
| OpenShift Service Mesh 2.0 | servicemesh-prometheus | Affected | | |
| Red Hat 3scale API Management Platform 2 | system | Affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/application-ui-rhel8 | Fix deferred | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-header-rhel8 | Fix deferred | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-rhel8 | Fix deferred | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-ui-rhel8 | Fix deferred | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/grc-ui-rhel8 | Fix deferred | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/kui-web-terminal-rhel8 | Fix deferred | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/mcm-topology-rhel8 | Fix deferred | | |

Additional information

Status: Moderate
Defect: CWE-400
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1966225 (nodejs-css-what: does not ensure that attribute parsing has linear time complexity relative to the size of the input)

EPSS

Percentile: 45%
0.00229
Low

CVSS3

7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 4 years ago

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.

CVSS3: 7.5
nvd
more than 4 years ago

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input.

CVSS3: 7.5
debian
more than 4 years ago

The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure t ...

CVSS3: 7.5
github
more than 4 years ago

Denial of service in css-what

CVSS3: 7.5
fstec
more than 4 years ago

Vulnerability in the Node-css-what CSS selector parser, related to use of memory after free, allowing an attacker to cause a denial of service
