CVE-2022-25858

Published: 15 Jul 2022
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

Versions of the package terser before 4.8.1, and from 5.0.0 and before 5.14.2, are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

A vulnerability was found in the terser package. Affected versions of this package are vulnerable to Regular expression denial of service (ReDoS) attacks, affecting system availability.

Report

For the OpenShift Do (odo) product, terser is shipped only for use in static page generators for upstream, so this represents no security risk.

Affected packages

| Platform | Package | Status | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Not affected | | |
| Migration Toolkit for Containers | rhmtc/openshift-migration-ui-rhel8 | Will not fix | | |
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-ui-rhel8 | Fix deferred | | |
| OpenShift Developer Tools and Services | odo | Not affected | | |
| OpenShift Service Mesh 2 | openshift-service-mesh/kiali-rhel8 | Will not fix | | |
| OpenShift Service Mesh 2.0 | openshift-service-mesh/kiali-rhel8 | Affected | | |
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Affected | | |
| OpenShift Service Mesh 2.0 | servicemesh-prometheus | Affected | | |
| OpenShift Service Mesh 2.1 | openshift-service-mesh/kiali-rhel8 | Will not fix | | |
| OpenShift Service Mesh 2.1 | servicemesh-grafana | Will not fix | | |

Additional information

Status: Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=2126277 terser: insecure use of regular expressions leads to ReDoS

EPSS: 0.0284 (percentile: 86%), Low

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 5.3
ubuntu
more than 3 years ago

Versions of the package terser before 4.8.1, and from 5.0.0 and before 5.14.2, are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

CVSS3: 5.3
nvd
more than 3 years ago

Versions of the package terser before 4.8.1, and from 5.0.0 and before 5.14.2, are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

CVSS3: 7.5
msrc
5 months ago

No description available

CVSS3: 5.3
debian
more than 3 years ago

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vuln ...

CVSS3: 7.5
github
more than 3 years ago

Terser insecure use of regular expressions leads to ReDoS
