Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-3803

Опубликовано: 13 сент. 2021
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

nth-check is vulnerable to Inefficient Regular Expression Complexity

A flaw was found in nth-check nodejs library where it could lead to consuming a big amount of resources when executing some checks. Attackers could take advantage of this by crafting an invalid CSS nth-checks causing a disruption or a denial of service (DoS).

Отчет

In Red Hat Virtualization, ovirt-web-ui and ovirt-engine-ui-extensions use a vulnerable version of nth-check. The package is used during the build process and is not shipped with the product. The impact of the flaw is rated Low and it will not be immediately addressed. A future update of Red Hat Virtualization may include fixes for this flaw.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Service Mesh 1servicemesh-grafanaOut of support scope
OpenShift Service Mesh 1servicemesh-prometheusOut of support scope
OpenShift Service Mesh 2.0servicemesh-grafanaAffected
OpenShift Service Mesh 2.0servicemesh-prometheusAffected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/application-ui-rhel8Not affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/console-header-rhel8Fix deferred
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/console-rhel8Not affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/console-ui-rhel8Fix deferred
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/grc-ui-rhel8Not affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/kui-web-terminal-rhel8Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2006336nodejs-nth-check: inefficient regular expression complexity

EPSS

Процентиль: 33%
0.00133
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-3803

CVSS3: 7.5
ubuntu
больше 4 лет назад

nth-check is vulnerable to Inefficient Regular Expression Complexity

nvd логотип

CVE-2021-3803

CVSS3: 7.5
nvd
больше 4 лет назад

nth-check is vulnerable to Inefficient Regular Expression Complexity

debian логотип

CVE-2021-3803

CVSS3: 7.5
debian
больше 4 лет назад

nth-check is vulnerable to Inefficient Regular Expression Complexity

github логотип

GHSA-rp65-9cf3-cjxr

CVSS3: 7.5
github
больше 4 лет назад

Inefficient Regular Expression Complexity in nth-check

EPSS

Процентиль: 33%
0.00133
Низкий

7.5 High

CVSS3