Описание
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.
A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| A-MQ Interconnect 1 | word-wrap | Not affected | ||
| Cryostat 2 | word-wrap | Not affected | ||
| Migration Toolkit for Applications 6 | mta/mta-ui-rhel9 | Affected | ||
| Migration Toolkit for Runtimes | org.jboss.windup-windup-parent | Not affected | ||
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-ui-rhel8 | Will not fix | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-ui-rhel8 | Will not fix | ||
| OpenShift Service Mesh 2 | openshift-service-mesh/kiali-rhel8 | Will not fix | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-cluster-templates-console-plugin-container | Will not fix | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-rhel8 | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/search-api-rhel8 | Affected |
Показывать по
Дополнительная информация
EPSS
7.5 High
CVSS3
Связанные уязвимости
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.
word-wrap vulnerable to Regular Expression Denial of Service
Уязвимость модуля word-wrap программной платформы Node.js, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.5 High
CVSS3