Описание
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.
A flaw was found in the interpolateName function in interpolateName.js in the webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. This flaw can lead to a regular expression denial of service (ReDoS).
Отчет
In Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container and openshift-logging/logging-view-plugin-rhel8 bundles many nodejs packages as a build time dependencies, including loader-utils package. The vulnerable code is not used hence the impact to OpenShift Logging by this vulnerability is Low.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Cryostat 2 | loader-utils | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Not affected | ||
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-view-plugin-rhel9 | Not affected | ||
| Migration Toolkit for Applications 6 | mta/mta-ui-rhel9 | Not affected | ||
| Migration Toolkit for Containers | rhmtc/openshift-migration-ui-rhel8 | Not affected | ||
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-ui-rhel8 | Affected | ||
| Network Observability Operator | network-observability/network-observability-console-plugin-rhel9 | Not affected | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-ui-rhel8 | Not affected | ||
| OpenShift Service Mesh 2 | openshift-service-mesh/kiali-rhel8 | Will not fix | ||
| OpenShift Service Mesh 2.1 | openshift-service-mesh/kiali-rhel8 | Will not fix |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.
A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.
A Regular expression denial of service (ReDoS) flaw was found in Funct ...
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
7.5 High
CVSS3