Description
An issue was discovered in jtidy through r938 that allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies.
A flaw was found in jtidy when parsing untrusted HTML. If the parser runs on unsanitized user input, an attacker can craft a request that makes the parser crash with a stack overflow, resulting in a denial of service (DoS).
Mitigation
This flaw can be mitigated by sanitizing user input for excessive nesting before it reaches the parser, rejecting requests whose element nesting exceeds a fixed depth limit.
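One way to apply the mitigation above is a cheap pre-parse depth check that rejects input before it is handed to the HTML parser. The example below is added here and is not code from jtidy or from the advisory; it uses Python's standard-library `html.parser` only to count element nesting, and the limit of 256 and the void-element list are assumptions you should tune for your deployment. In a Java service the same check would run on the request body before the call into jtidy.

```python
from html.parser import HTMLParser

# HTML elements that never take a closing tag; they must not add to the depth.
# Assumption: this list matches the HTML5 void elements.
VOID_ELEMENTS = {
    "area", "base", "br", "col", "embed", "hr", "img", "input",
    "link", "meta", "param", "source", "track", "wbr",
}


class NestingDepthError(ValueError):
    """Raised as soon as the input nests elements deeper than the limit."""


class _DepthCounter(HTMLParser):
    """Tolerant tag scanner that tracks the current and peak nesting depth."""

    def __init__(self, max_depth):
        super().__init__(convert_charrefs=True)
        self.max_depth = max_depth
        self.depth = 0
        self.peak = 0

    def handle_starttag(self, tag, attrs):
        if tag in VOID_ELEMENTS:
            return
        self.depth += 1
        self.peak = max(self.peak, self.depth)
        # Fail fast: stop scanning the moment the limit is crossed.
        if self.depth > self.max_depth:
            raise NestingDepthError(
                f"nesting depth {self.depth} exceeds limit {self.max_depth}"
            )

    def handle_startendtag(self, tag, attrs):
        # Self-closing syntax such as <br/> opens and closes at once: no depth change.
        pass

    def handle_endtag(self, tag):
        if tag in VOID_ELEMENTS:
            return
        # Hostile input may contain stray close tags; never let depth go negative.
        self.depth = max(0, self.depth - 1)


def max_nesting_depth(html: str, limit: int = 256) -> int:
    """Return the peak element nesting depth of html.

    Raises NestingDepthError as soon as the depth exceeds limit, so a huge
    input is rejected without being scanned to the end.
    """
    counter = _DepthCounter(limit)
    counter.feed(html)
    counter.close()
    return counter.peak


def check_before_parse(html: str, limit: int = 256) -> bool:
    """True if html is shallow enough to hand to the real parser, else False."""
    try:
        max_nesting_depth(html, limit)
        return True
    except NestingDepthError:
        return False


def constructed_nested_sample(n: int) -> str:
    """Constructed test input: n nested <div> elements around one character."""
    return "<div>" * n + "x" + "</div>" * n


if __name__ == "__main__":
    # Constructed sample documents for a quick manual run.
    benign = "<html><body><p>Hello <b>world</b><br></p></body></html>"
    print(max_nesting_depth(benign))
    print(check_before_parse(constructed_nested_sample(300), limit=256))
```

The check is linear in the input size and uses no recursion itself, so it cannot be pushed into the same failure mode it guards against. Stray closing tags are clamped at zero rather than treated as errors, because the goal here is only to bound depth, not to validate the document; the real parser still decides what the HTML means.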
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| A-MQ Clients 2 | jtidy | Not affected | | |
| Cryostat 2 | jtidy | Not affected | | |
| Migration Toolkit for Applications 6 | org.jboss.windup.plugin-windup-maven-plugin-parent | Will not fix | | |
| Migration Toolkit for Runtimes | org.jboss.windup.plugin-windup-maven-plugin-parent | Will not fix | | |
| OpenShift Developer Tools and Services | jenkins | Not affected | | |
| Red Hat AMQ Broker 7 | jtidy | Not affected | | |
| Red Hat build of Apache Camel for Spring Boot 3 | jtidy | Not affected | | |
| Red Hat build of Apicurio Registry 2 | jtidy | Not affected | | |
| Red Hat build of Debezium 1 | jtidy | Not affected | | |
| Red Hat build of Debezium 2 | jtidy | Not affected | | |
Additional information
CVSS3: 7.5 High