Описание
An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack.
A flaw was found in the file-type npm package. A malformed MKV file could lead the file type detector to a denial of Service. This issue allows an attacker to input a malicious file and make the server unresponsive.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-ui-rhel8 | Affected | ||
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-central-db-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-docs-rhel8 | Affected | ||
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-main-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-rhel8-operator | Affected | ||
| Red Hat Advanced Cluster Security 3 | advanced-cluster-security/rhacs-roxctl-rhel8 | Affected | ||
| Red Hat build of Apicurio Registry 2 | file-type | Not affected | ||
| Red Hat Integration Camel K 1 | file-type | Will not fix | ||
| Red Hat OpenShift Dev Spaces | devspaces/code-rhel8 | Affected | ||
| Red Hat OpenShift Dev Spaces | devspaces/idea-rhel8 | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. A malformed MKV file could cause the file type detector to get caught in an infinite loop. This would make the application become unresponsive and could be used to cause a DoS attack.
file-type vulnerable to Infinite Loop via malformed MKV file
EPSS
5.5 Medium
CVSS3