Description
Versions of the sanitize-html package before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic in HTML comment removal.
A flaw was found in the sanitize-html library. The insecure global regular expression replacement logic used for HTML comment removal could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| OpenShift Service Mesh 2.0 | servicemesh-prometheus | Affected | | |
| OpenShift Service Mesh 2.1 | servicemesh-prometheus | Fix deferred | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-rhel8 | Affected | | |
| Red Hat Ansible Automation Platform 2 | automation-controller | Affected | | |
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-console | Affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-console | Affected | | |
| Red Hat OpenShift Dev Spaces | devspaces/dashboard-rhel8 | Affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-governance-policy-addon-controller-container | Fixed | RHSA-2022:7313 | 02.11.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-grafana-container | Fixed | RHSA-2022:7313 | 02.11.2022 |
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-must-gather-container | Fixed | RHSA-2022:7313 | 02.11.2022 |
Additional information
Status:
EPSS
CVSS3: 5.3 Medium