Bug 2330689 (CVE-2024-52798)
| Summary: | CVE-2024-52798 path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | aarif, aazores, abarbaro, abrianik, abuckta, adudiak, adupliak, akostadi, alcohan, alizardo, amasferr, amctagga, anjoseph, anpicker, aprice, aschwart, asoldano, bbaranow, bdettelb, bmaxwell, boliveir, brasmith, brian.stansberry, brking, carogers, caswilli, cdewolf, chazlett, chfoley, cmah, cmiranda, cochase, danken, darran.lofthouse, dhanak, dkreling, dkuc, dmayorov, doconnor, dosoudil, dranck, drichtar, drosa, dymurray, eaguilar, ebaron, erezende, eric.wittmann, fdeutsch, fjansen, fjuma, ggrzybek, gkamathe, gmalinko, gotiwari, gparvin, gtanzill, haoli, hasun, hkataria, ibek, ibolton, istudens, ivassile, iweiss, jajackso, janstey, jbalunas, jcammara, jcantril, jchui, jforrest, jfula, jgrulich, jhe, jhorak, jkoehler, jkoops, jlledo, jmatthew, jmitchel, jmontleo, jneedle, jolong, jowilson, jprabhak, jrokos, jsamir, jwendell, jwong, kaycoth, kegrant, koliveir, kshier, ktsao, kverlaen, lball, lgao, lphiri, mabashia, manissin, mmakovy, mnovotny, mosmerov, mpierce, mposolda, msochure, mstipich, msvehla, mvyas, nboldt, ngough, nipatil, njean, nwallace, nyancey, oezr, omaciel, ometelka, orabin, oramraz, owatkins, pahickey, pantinor, parichar, pberan, pbizzarr, pbohmill, pbraun, pcongius, pdelbell, pdrozd, peholase, pesilva, pgaikwad, phoracek, pjindal, pmackay, pskopek, psrna, ptisnovs, rcernich, rexwhite, rguimara, rhaigner, rjohnson, rkubis, rmartinc, rojacob, rowaters, rstancel, rstepani, saroy, sausingh, sdawley, sfroberg, shvarugh, simaishi, slucidi, smaestri, smcdonal, smullick, sseago, ssilvert, stcannon, sthirugn, sthorger, stirabos, swoodman, syedriko, tasato, teagle, tfister, thason, thavo, tjochec, tom.jenkinson, tpopela, tsedmik, twalsh, veshanka, vmuzikar, wtam, xdharmai, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in path-to-regexp. A path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2330731, 2330733, 2330734, 2330727, 2330728, 2330729, 2330730, 2330732, 2330735, 2330736, 2330737, 2330738, 2330739, 2330740, 2330741, 2330742, 2330743, 2330744, 2330745 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2024-12-05 23:01:25 UTC
This issue has been addressed in the following products: RHODF-4.17-RHEL-9 Via RHSA-2025:0775 https://access.redhat.com/errata/RHSA-2025:0775 This issue has been addressed in the following products: RHODF-4.16-RHEL-9 Via RHSA-2025:0783 https://access.redhat.com/errata/RHSA-2025:0783 This issue has been addressed in the following products: Red Hat OpenShift Service Mesh 2.5 for RHEL 8 Via RHSA-2025:1051 https://access.redhat.com/errata/RHSA-2025:1051 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.17 Via RHSA-2025:0875 https://access.redhat.com/errata/RHSA-2025:0875 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.17 Via RHSA-2025:0876 https://access.redhat.com/errata/RHSA-2025:0876 This issue has been addressed in the following products: HawtIO HawtIO 4.2.0 Via RHSA-2025:8761 https://access.redhat.com/errata/RHSA-2025:8761 |