CVE-2022-21222

Опубликовано: 30 сент. 2022

Источник: redhat

CVSS3: 7.5

Описание

The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function.

A vulnerability was found in the css-what package. The flaw allows Regular expression denial of service (ReDoS) attacks, affecting system availability.

Затронутые пакеты

Платформа	Пакет	Состояние
Logging Subsystem for Red Hat OpenShift	openshift-logging/logging-view-plugin-rhel9	Not affected
Migration Toolkit for Containers	rhmtc/openshift-migration-ui-rhel8	Not affected
Migration Toolkit for Runtimes	css-what	Not affected
Migration Toolkit for Virtualization	migration-toolkit-virtualization/mtv-ui-rhel8	Not affected
OpenShift Developer Tools and Services	odo	Not affected
OpenShift Service Mesh 2	openshift-service-mesh/kiali-rhel8	Not affected
OpenShift Service Mesh 2.0	openshift-service-mesh/kiali-rhel8	Not affected
OpenShift Service Mesh 2.0	servicemesh-grafana	Affected
OpenShift Service Mesh 2.0	servicemesh-prometheus	Not affected
OpenShift Service Mesh 2.1	openshift-service-mesh/kiali-rhel8	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=2131335css-what: ReDoS due to insecure regular expression

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-21222

CVSS3: 5.3

ubuntu

больше 3 лет назад

CVE-2022-21222

CVSS3: 5.3

nvd

больше 3 лет назад

CVE-2022-21222

CVSS3: 5.3

debian

больше 3 лет назад

The package css-what before 2.1.3 are vulnerable to Regular Expression ...

GHSA-p28h-cc7q-c4fg

CVSS3: 7.5

github

больше 3 лет назад

css-what vulnerable to ReDoS due to use of insecure regular expression

7.5 High

CVSS3