Description
fast-xml-parser is an open source, pure JavaScript XML parser. A ReDoS exists in currency.js. This vulnerability is fixed in 4.4.1.
A regular expression denial of service (ReDoS) flaw was found in fast-xml-parser in the currency.js script. By sending a specially crafted regex input, a remote attacker could cause a denial of service condition.
Statement
Red Hat has decided to rate this vulnerability as Important due to the potential loss of Availability and the low complexity.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Migration Toolkit for Applications 6 | mta/mta-ui-rhel9 | Will not fix | ||
| Migration Toolkit for Applications 7 | mta/mta-ui-rhel9 | Not affected | ||
| OpenShift Serverless | fast-xml-parser | Will not fix | ||
| Red Hat Developer Hub | rhdh-operator-container | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | odh-dashboard-container | Affected | ||
| Red Hat OpenShift AI (RHOAI) | odh-operator-container | Affected | ||
| Red Hat OpenShift Virtualization 4 | container-native-virtualization/kubevirt-console-plugin | Affected | ||
| Red Hat Developer Hub 1.2 on RHEL 9 | rhdh/rhdh-hub-rhel9 | Fixed | RHBA-2024:5958 | 28.08.2024 |
| RHEL-9-CNV-4.16 | container-native-virtualization/kubevirt-console-plugin-rhel9 | Fixed | RHSA-2024:5054 | 06.08.2024 |
| RHODF-4.14-RHEL-9 | odf4/mcg-core-rhel9 | Fixed | RHSA-2024:7624 | 03.10.2024 |
Additional information
7.5 High
CVSS3
Related vulnerabilities
fast-xml-parser is an open source, pure JavaScript XML parser. A ReDoS exists in currency.js. This vulnerability is fixed in 4.4.1.
fast-xml-parser is an open source, pure JavaScript XML parser. A ReDoS ...
fast-xml-parser vulnerable to ReDOS at currency parsing
7.5 High
CVSS3