Описание
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.
A flaw was found in ua-parser-js. This issue could allow a malicious user to trigger a regular expression denial of service (ReDoS) via the trim() function.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Developer Tools and Services | odo | Not affected | ||
| OpenShift Service Mesh 2.1 | servicemesh-grafana | Will not fix | ||
| Red Hat Ceph Storage 3 | grafana | Out of support scope | ||
| Red Hat Decision Manager 7 | ua-parser-js | Out of support scope | ||
| Red Hat Discovery 1 | discovery-server-container | Not affected | ||
| Red Hat Enterprise Linux 6 | firefox | Not affected | ||
| Red Hat Enterprise Linux 7 | firefox | Not affected | ||
| Red Hat Enterprise Linux 7 | subscription-manager | Not affected | ||
| Red Hat Enterprise Linux 8 | 389-ds:1.4/389-ds-base | Not affected | ||
| Red Hat Enterprise Linux 8 | cockpit | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, fr ...
EPSS
7.5 High
CVSS3