Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-25881

Опубликовано: 31 янв. 2023
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.

A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Migration Toolkit for Virtualizationmigration-toolkit-virtualization/mtv-ui-rhel8Affected
.NET 6.0 on Red Hat Enterprise Linuxrh-dotnet60-dotnetAffected
OpenShift Service Mesh 2openshift-service-mesh/kiali-rhel8Affected
OpenShift Service Mesh 2.1openshift-service-mesh/kiali-rhel8Affected
Red Hat Advanced Cluster Management for Kubernetes 2rhacm2/search-api-rhel8Not affected
Red Hat Advanced Cluster Security 3advanced-cluster-security/rhacs-central-db-rhel8Not affected
Red Hat Advanced Cluster Security 3advanced-cluster-security/rhacs-docs-rhel8Will not fix
Red Hat Advanced Cluster Security 3advanced-cluster-security/rhacs-main-rhel8Will not fix
Red Hat Advanced Cluster Security 3advanced-cluster-security/rhacs-rhel8-operatorWill not fix
Red Hat Advanced Cluster Security 3advanced-cluster-security/rhacs-roxctl-rhel8Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-1333
https://bugzilla.redhat.com/show_bug.cgi?id=2165824http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability

EPSS

Процентиль: 39%
0.00169
Низкий

7.5 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2022-25881

CVSS3: 5.3
nvd
почти 3 года назад

This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.

msrc логотип

CVE-2022-25881

CVSS3: 7.5
msrc
почти 3 года назад

This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server when that server reads the cache policy from the request using this library.

suse-cvrf логотип

SUSE-SU-2023:1942-1

suse-cvrf
больше 2 лет назад

Security update for nodejs16

suse-cvrf логотип

SUSE-SU-2023:1924-1

suse-cvrf
больше 2 лет назад

Security update for nodejs16

suse-cvrf логотип

SUSE-SU-2023:1923-1

suse-cvrf
больше 2 лет назад

Security update for nodejs16

EPSS

Процентиль: 39%
0.00169
Низкий

7.5 High

CVSS3