Описание
A vulnerability was found in prettier up to 3.6.2. It has been declared as problematic. Affected by this vulnerability is the function parseNestedCSS of the file src/language-css/parser-postcss.js. The manipulation of the argument node leads to inefficient regular expression complexity. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A regular expression denial of service flaw has been discovered in the prettier code formatter tool. This flaw allows and attacker who has access to input source files to induce a denial of service.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
Платформа | Пакет | Состояние | Рекомендация | Релиз |
---|---|---|---|---|
Cryostat 4 | io.cryostat-cryostat | Fix deferred | ||
Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-console-plugin-rhel9 | Fix deferred | ||
Migration Toolkit for Virtualization | mtv-candidate/mtv-console-plugin-rhel9 | Fix deferred | ||
Multicluster Global Hub | multicluster-globalhub/multicluster-globalhub-grafana-rhel9 | Fix deferred | ||
Network Observability Operator | network-observability/network-observability-console-plugin-compat-rhel9 | Fix deferred | ||
Network Observability Operator | network-observability/network-observability-console-plugin-rhel9 | Fix deferred | ||
OpenShift Lightspeed | openshift-lightspeed/lightspeed-console-plugin-rhel9 | Fix deferred | ||
OpenShift Pipelines | openshift-pipelines/pipelines-console-plugin-rhel8 | Fix deferred | ||
OpenShift Pipelines | openshift-pipelines/pipelines-console-plugin-rhel9 | Fix deferred | ||
OpenShift Pipelines | openshift-pipelines/pipelines-hub-api-rhel8 | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
A vulnerability was found in prettier up to 3.6.2. It has been declared as problematic. Affected by this vulnerability is the function parseNestedCSS of the file src/language-css/parser-postcss.js. The manipulation of the argument node leads to inefficient regular expression complexity. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in prettier up to 3.6.2. It has been declare ...
A vulnerability was found in prettier up to 3.6.2. It has been declared as problematic. Affected by this vulnerability is the function parseNestedCSS of the file src/language-css/parser-postcss.js. The manipulation of the argument node leads to inefficient regular expression complexity. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
EPSS
5.3 Medium
CVSS3