Описание
A regular expression denial of service flaw has been discovered in the prettier code formatter tool. This flaw allows and attacker who has access to input source files to induce a denial of service.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Cryostat 4 | io.cryostat-cryostat | Fix deferred | ||
| Migration Toolkit for Virtualization | migration-toolkit-virtualization/mtv-console-plugin-rhel9 | Fix deferred | ||
| Migration Toolkit for Virtualization | mtv-candidate/mtv-console-plugin-rhel9 | Fix deferred | ||
| Multicluster Global Hub | multicluster-globalhub/multicluster-globalhub-grafana-rhel9 | Fix deferred | ||
| Network Observability Operator | network-observability/network-observability-console-plugin-compat-rhel9 | Fix deferred | ||
| Network Observability Operator | network-observability/network-observability-console-plugin-rhel9 | Fix deferred | ||
| OpenShift Lightspeed | openshift-lightspeed/lightspeed-console-plugin-rhel9 | Fix deferred | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-console-plugin-rhel8 | Fix deferred | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-console-plugin-rhel9 | Fix deferred | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-hub-api-rhel8 | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
5.3 Medium
CVSS3
Связанные уязвимости
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
A vulnerability was found in prettier up to 3.6.2. It has been declared as problematic. Affected by this vulnerability is the function parseNestedCSS of the file src/language-css/parser-postcss.js. The manipulation of the argument node leads to inefficient regular expression complexity. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
5.3 Medium
CVSS3