Description
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
Affected packages
Platform | Package | State | Recommendation | Release
---|---|---|---|---
Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-ui-rhel8 | Affected | |
.NET 6.0 on Red Hat Enterprise Linux | rh-dotnet60-dotnet | Affected | |
OpenShift Service Mesh 2 | openshift-service-mesh/kiali-rhel8 | Affected | |
OpenShift Service Mesh 2.1 | openshift-service-mesh/kiali-rhel8 | Affected | |
Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/search-api-rhel8 | Not affected | |
Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-central-db-rhel8 | Not affected | |
Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-docs-rhel8 | Will not fix | |
Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-main-rhel8 | Will not fix | |
Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-rhel8-operator | Will not fix | |
Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-roxctl-rhel8 | Will not fix | |
Additional information
Severity:
Moderate
Weakness:
CWE-1333
Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=2165824 (http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability)
EPSS:
0.00155 (percentile: 37%), Low
CVSS3:
7.5 High