Bug 2082706 (CVE-2022-21681)
| Summary: | CVE-2022-21681 marked: regular expression inline.reflinkSearch may lead Denial of Service | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Patrick Del Bello <pdelbell> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | adeza, agerstmayr, aileenc, aoconnor, asoldano, bbaranow, bmaxwell, bniver, boliveir, brian.stansberry, cdewolf, chazlett, ctubbsii, danmick, darran.lofthouse, david, dkreling, dosoudil, ego.cordatus, eric.wittmann, fboucher, fedora, fjuma, flucifre, ggaughan, gmalinko, gmeno, go-sig, gparvin, grafana-maint, idm-ds-dev-bugs, i, iweiss, janstey, jkurik, jochrist, josef, jschatte, jwendell, jwon, kkeithle, lgao, loic, mbenjamin, mgoodwin, mhackett, milleruntime, mosmerov, mpitt, msochure, msvehla, nathans, njean, nodejs-sig, nwallace, openstack-sig, orion, pahickey, pantinor, pdelbell, pdrozd, pjindal, pmackay, pskopek, ramkrsna, rareddy, rcernich, rstancel, rsvoboda, smaestri, sostapov, stcannon, steve, sthorger, stuart, tchollingsworth, tom.jenkinson, twalsh, vereddy, willb, yicai, zebob.m |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | markedjs 4.0.10 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A vulnerability was found in the markedjs package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2083044, 2083045, 2083623, 2090337, 2090341, 2090342, 2091866, 2091867, 2092712, 2092713, 2092714, 2092715, 2092716, 2092717, 2092718, 2092719, 2092720, 2092721, 2092722, 2092723, 2092724, 2092725 | ||
| Bug Blocks: | 2082707 | ||
|
Description
Patrick Del Bello
2022-05-06 20:14:50 UTC
Created grafana tracking bugs for this issue: Affects: fedora-all [bug 2090337] Created ceph tracking bugs for this issue: Affects: fedora-all [bug 2092716] Created gitqlient tracking bugs for this issue: Affects: epel-all [bug 2092713] Affects: fedora-all [bug 2092717] Created golang-github-apache-beam-2 tracking bugs for this issue: Affects: fedora-all [bug 2092718] Created golang-github-apache-thrift tracking bugs for this issue: Affects: fedora-all [bug 2092719] Created golang-github-hashicorp-consul-api tracking bugs for this issue: Affects: fedora-all [bug 2092720] Created golang-github-hashicorp-consul-sdk tracking bugs for this issue: Affects: fedora-all [bug 2092721] Created marked tracking bugs for this issue: Affects: fedora-all [bug 2092712] Created python-drf-yasg tracking bugs for this issue: Affects: epel-all [bug 2092714] Affects: fedora-all [bug 2092722] Created python-ipyparallel tracking bugs for this issue: Affects: fedora-all [bug 2092723] Created thrift tracking bugs for this issue: Affects: epel-all [bug 2092715] Affects: fedora-all [bug 2092724] Created zuul tracking bugs for this issue: Affects: fedora-all [bug 2092725] Minimum Marked version is being used since Argo CD v2.3.0 on March 06, 2022 release. Closing this as won't fix. References: https://github.com/argoproj/argo-cd/releases/tag/v2.3.0 https://github.com/argoproj/argo-cd/pull/8573/files#diff-3a968206d6de2fecfc5dacd7d94bab7744c9f5d5c999a816164d95cbc135c316R5918 This issue has been addressed in the following products: Red Hat Ceph Storage 6.1 Via RHSA-2023:3642 https://access.redhat.com/errata/RHSA-2023:3642 |