Описание
@octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator(), a specially crafted octokit instance—particularly with a malicious link parameter in the headers section of the request—can trigger a ReDoS attack. Version 11.4.1 contains a fix for the issue.
A flaw was found in the plugin-paginate-rest Octokit plugin. When calling octokit.paginate.iterator(), a specially crafted octokit instance with a malicious link parameter in the headers section of the request can trigger a regular expression denial-of-service (ReDoS) attack.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Multicluster Engine for Kubernetes | multicluster-engine/console-mce-rhel8 | Will not fix | ||
| OpenShift Serverless | openshift-serverless-1/kn-backstage-plugins-eventmesh-rhel8 | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/console-rhel8 | Will not fix | ||
| Red Hat Developer Hub | rhdh/rhdh-hub-rhel9 | Fix deferred | ||
| Red Hat Integration Camel K 1 | io.apicurio-apicurio-registry | Will not fix | ||
| Red Hat JBoss Enterprise Application Platform 8 | org.keycloak-keycloak-parent | Not affected | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | org.keycloak-keycloak-parent | Not affected | ||
| Red Hat OpenShift Dev Spaces | devspaces/code-rhel8 | Will not fix |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
@octokit/plugin-paginate-rest is the Octokit plugin to paginate REST API endpoint responses. For versions starting in 1.0.0 and prior to 11.4.1 of the npm package `@octokit/plugin-paginate-rest`, when calling `octokit.paginate.iterator()`, a specially crafted `octokit` instance—particularly with a malicious `link` parameter in the `headers` section of the `request`—can trigger a ReDoS attack. Version 11.4.1 contains a fix for the issue.
@octokit/plugin-paginate-rest has a Regular Expression in iterator Leads to ReDoS Vulnerability Due to Catastrophic Backtracking
5.3 Medium
CVSS3