Bug 2082705 (CVE-2022-21680)
| Summary: | CVE-2022-21680 marked: regular expression block.def may lead Denial of Service | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Patrick Del Bello <pdelbell> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | adeza, agerstmayr, aileenc, aoconnor, asoldano, bbaranow, bmaxwell, bniver, boliveir, brian.stansberry, cdewolf, chazlett, ctubbsii, danmick, darran.lofthouse, david, dkreling, dosoudil, ego.cordatus, eric.wittmann, fboucher, fedora, fjuma, flucifre, ggaughan, gmalinko, gmeno, go-sig, gparvin, grafana-maint, idm-ds-dev-bugs, i, iweiss, janstey, jkurik, jochrist, josef, jschatte, jwendell, jwon, kkeithle, lgao, loic, mbenjamin, mgoodwin, mhackett, milleruntime, mosmerov, mpitt, msochure, msvehla, nathans, njean, nodejs-sig, nwallace, openstack-sig, orion, pahickey, pantinor, pdelbell, pdrozd, pjindal, pmackay, pskopek, ramkrsna, rareddy, rcernich, rstancel, rsvoboda, smaestri, sostapov, stcannon, steve, sthorger, stuart, tchollingsworth, tom.jenkinson, twalsh, vereddy, willb, yicai, zebob.m |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | markedjs 4.0.10 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2083042, 2083043, 2083624, 2090335, 2090339, 2090340, 2090569, 2090570, 2090571, 2090572, 2090573, 2090574, 2090575, 2090576, 2090577, 2090578, 2090579, 2090580, 2090581, 2090582, 2090583, 2090584, 2090585, 2090586, 2090587, 2090588 | ||
| Bug Blocks: | 2082707 | ||
|
Description
Patrick Del Bello
2022-05-06 20:14:47 UTC
Created grafana tracking bugs for this issue: Affects: fedora-all [bug 2090335] Created ceph tracking bugs for this issue: Affects: fedora-all [bug 2090573] Created gitqlient tracking bugs for this issue: Affects: epel-all [bug 2090570] Affects: fedora-all [bug 2090574] Created golang-github-apache-beam-2 tracking bugs for this issue: Affects: fedora-all [bug 2090575] Created golang-github-apache-thrift tracking bugs for this issue: Affects: fedora-all [bug 2090576] Created golang-github-hashicorp-consul-api tracking bugs for this issue: Affects: fedora-all [bug 2090577] Created golang-github-hashicorp-consul-sdk tracking bugs for this issue: Affects: fedora-all [bug 2090578] Created marked tracking bugs for this issue: Affects: fedora-all [bug 2090569] Created python-drf-yasg tracking bugs for this issue: Affects: epel-all [bug 2090571] Affects: fedora-all [bug 2090579] Created python-ipyparallel tracking bugs for this issue: Affects: fedora-all [bug 2090580] Created thrift tracking bugs for this issue: Affects: epel-all [bug 2090572] Affects: fedora-all [bug 2090581] Created zuul tracking bugs for this issue: Affects: fedora-all [bug 2090582] Minimum Marked version is being used since Argo CD v2.3.0 on March 06, 2022 release. Closing this as won't fix. References: https://github.com/argoproj/argo-cd/releases/tag/v2.3.0 https://github.com/argoproj/argo-cd/pull/8573/files#diff-3a968206d6de2fecfc5dacd7d94bab7744c9f5d5c999a816164d95cbc135c316R5918 This issue has been addressed in the following products: Red Hat Ceph Storage 6.1 Via RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642 |