A flaw that could lead to Denial of Service was found in the node packages html-parse-stringify (versions prior to 2.0.1) and html-parse-stringify2 (all versions). Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process.
External References:
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1080633
https://snyk.io/vuln/SNYK-JS-HTMLPARSESTRINGIFY-1079306
https://snyk.io/vuln/SNYK-JS-HTMLPARSESTRINGIFY2-1079307
Statement: Access to the vulnerable library is protected by RHACM Authentication, reducing the impact of this flaw to LOW.
This issue has been addressed in the following products:

Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 7
Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8

Via RHSA-2021:3016 https://access.redhat.com/errata/RHSA-2021:3016
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-23346
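A lockfile check for the two packages named in the flaw description, as an added example that is not part of the original bug report or of either project. The names `AFFECTED`, `isBefore` and `findAffected` and the sample lockfile are assumptions made for illustration; the code assumes the standard npm `package-lock.json` layouts (nested `dependencies` in version 1, flat `packages` in versions 2 and 3).

```javascript
// Added example (not from the advisory): flag affected packages in a package-lock.json.
// Package name -> first fixed version; null means every version is affected.
const AFFECTED = new Map([["html-parse-stringify", "2.0.1"], ["html-parse-stringify2", null]]);
// True when `version` sorts before `fixed` (numeric major.minor.patch comparison).
function isBefore(version, fixed) {
  const core = version.split("+")[0];
  const dash = core.indexOf("-");
  const a = (dash === -1 ? core : core.slice(0, dash)).split(".").map(Number);
  const b = fixed.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return dash !== -1; // a pre-release of the fixed version still predates it
}

function findAffected(lock) {
  const hits = [];
  const check = (name, version, where) => {
    if (!AFFECTED.has(name) || typeof version !== "string") return;
    const fixed = AFFECTED.get(name);
    if (fixed === null || isBefore(version, fixed)) hits.push({ name, version, where });
  };
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      check(path.split("node_modules/").pop(), meta.version, path);
    }
  } else { // lockfileVersion 1: nested "dependencies" tree
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const here = trail.concat(name);
        check(name, meta.version, here.join(" > "));
        walk(meta.dependencies, here);
      }
    };
    walk(lock.dependencies, []);
  }
  return hits;
}

// Constructed sample lockfile; "some-ui-lib" and "other-lib" are made-up names.
const sampleLock = { packages: {
  "node_modules/html-parse-stringify": { version: "2.0.0" },
  "node_modules/some-ui-lib/node_modules/html-parse-stringify2": { version: "2.0.1" },
  "node_modules/other-lib/node_modules/html-parse-stringify": { version: "2.0.1" },
} };
console.log(findAffected(sampleLock));
```

Transitive copies are reported with their install path, so the parent dependency that pulls in the affected package is visible in the `where` field.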