
exploitDog

CVE-2021-33623

Published: May 28, 2021
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.

A flaw was found in nodejs-trim-newlines. Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.

Report

OpenShift Container Platform (OCP) grafana-container does package a vulnerable version of nodejs trim-newlines. However due to the instance being read only and behind OpenShift OAuth, the impact by this vulnerability is Low. Red Hat Advanced Cluster Management for Kubernetes (ACM) containers affected by this flaw are only accessible to authenticated users, thus the impact of this vulnerability is Low. Red Hat Virtualization (RHV) does package a vulnerable version of nodejs-trim-newlines. However, no untrusted content is being parsed therefore the impact of this vulnerability is Low. The hosted services are shipped with the vulnerable packages, however the vulnerable methods were not identified in use at this time.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/application-ui-rhel8 | Fix deferred | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-api-rhel8 | Affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-header-rhel8 | Fix deferred | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-rhel8 | Fix deferred | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-ui-rhel8 | Fix deferred | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/mcm-topology-rhel8 | Fix deferred | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/search-ui-rhel8 | Fix deferred | | |
| Red Hat Ansible Automation Platform 1.2 | trim-newlines | Affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-grafana | Fix deferred | | |

Additional information

Status: Moderate
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1966615 nodejs-trim-newlines: ReDoS in .end() method

EPSS

Percentile: 79%
0.01255
Low

7.5 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 4 years ago

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.

CVSS3: 7.5
nvd
more than 4 years ago

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.

CVSS3: 7.5
debian
more than 4 years ago

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.j ...

CVSS3: 7.5
github
more than 4 years ago

Uncontrolled Resource Consumption in trim-newlines
