CVE-2021-3807

Отчет

This flaw requires crafted invalid ANSI escape codes in order to be exploited and only allows for denial of service of applications on the client side, hence the impact has been rated as Moderate. In Red Hat Virtualization and Red Hat Quay some components use a vulnerable version of ansi-regex. However, all frontend code is executed on the client side. As the maximum impact of this vulnerability is denial of service in the client, the vulnerability is rated Moderate for those products. OpenShift Container Platform 4 (OCP) ships affected version of ansi-regex in the ose-metering-hadoop container, however the metering operator is deprecated since 4.6[1]. This issue is not currently planned to be addressed in future updates and hence hadoop container has been marked as 'will not fix'. Advanced Cluster Management for Kubernetes (RHACM) ships the affected version of ansi-regex in several containers, however the impact of this vulnerability is deemed low as it would result in an authenticated slowing down their own user interface. [1] https://docs.openshift.com/container-platform/4.6/metering/metering-about-metering.html