Description
prism is vulnerable to Inefficient Regular Expression Complexity
Inefficient Regular Expression Complexity in prismjs leads to a Regular Expression Denial of Service (ReDoS) attack. An unauthenticated attacker can exploit this flaw to cause an application to consume an excessive amount of CPU by providing a crafted HTML comment as input. This can result in a denial of service.
Report
OpenShift Container Platform (OCP) grafana-container does package a vulnerable version of prismjs. However, because the instance is read only and behind OpenShift OAuth, it has been given a Low impact. Additionally, it has been marked as wont-fix at this time and may be fixed in a future release. Just as with OCP, OpenShift ServiceMesh (OSSM) components are behind OpenShift OAuth, which reduces the impact to Low.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-ui-rhel8 | Fix deferred | ||
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Affected | ||
| Red Hat Ceph Storage 3 | grafana | Out of support scope | ||
| Red Hat Ceph Storage 4 | rhceph/rhceph-4-dashboard-rhel8 | Affected | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-grafana | Will not fix | ||
| Red Hat Storage 3 | grafana | Affected | ||
| RHACS-3.67-RHEL-8 | advanced-cluster-security/rhacs-rhel8-operator | Fixed | RHSA-2021:4902 | 01.12.2021 |
Additional information
CVSS3: 6.5 Medium