CVE-2021-3795

Published: 10 Sep 2021
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

semver-regex is vulnerable to Inefficient Regular Expression Complexity

A flaw was found in the semver-regex library: matching specific strings can consume a large amount of resources. An attacker could take advantage of this by crafting an invalid version string, causing a disruption or a denial of service (DoS).

Statement

Red Hat Directory Server 11 Web UI has semver-regex as a dependency, but it is not used in the 389-ds cockpit plugin and is not shipped as part of the RPM binary. Thus Red Hat Directory Server 11 is not affected by this flaw. In Red Hat Virtualization, semver-regex is a dependency of semantic-release, which is used for release automation. The vulnerability may cause a denial of service during the release process of the components that use the semantic-release package, not in their functionality. As such, the impact of this vulnerability for Red Hat Virtualization is rated Low and will not be addressed immediately. Future releases may include fixes. In Red Hat Advanced Cluster Management for Kubernetes (RHACM), the semver-regex dependency is protected by OAuth, which reduces the impact of this flaw to Low.

Affected packages

Platform | Package | State | Advisory | Release
Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-api-rhel8 | Fix deferred | - | -
Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/search-api-rhel8 | Fix deferred | - | -
Red Hat Directory Server 11 | redhat-ds:11/389-ds-base | Not affected | - | -
Red Hat Virtualization 4 | ovirt-engine-ui-extensions | Will not fix | - | -
Red Hat Virtualization 4 | ovirt-web-ui | Will not fix | - | -
Red Hat Advanced Cluster Management for Kubernetes 2 | acmesolver-container | Fixed | RHSA-2021:3873 | 14.10.2021
Red Hat Advanced Cluster Management for Kubernetes 2 | acm-must-gather-container | Fixed | RHSA-2021:3873 | 14.10.2021
Red Hat Advanced Cluster Management for Kubernetes 2 | acm-operator-bundle-container | Fixed | RHSA-2021:3873 | 14.10.2021
Red Hat Advanced Cluster Management for Kubernetes 2 | application-ui-container | Fixed | RHSA-2021:3873 | 14.10.2021
Red Hat Advanced Cluster Management for Kubernetes 2 | cainjector-container | Fixed | RHSA-2021:3873 | 14.10.2021


Additional information

Status:

Moderate
Weakness:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2006009
semver-regex: inefficient regular expression complexity

EPSS

Percentile: 52%
Score: 0.00293
Low

CVSS3

7.5 High

Related vulnerabilities

CVSS3: 7.5
nvd
more than 4 years ago

semver-regex is vulnerable to Inefficient Regular Expression Complexity

CVSS3: 7.5
github
more than 4 years ago

semver-regex Regular Expression Denial of Service (ReDoS)
