1974839 – (CVE-2021-29059) CVE-2021-29059 nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string

Bug 1974839 (CVE-2021-29059) - CVE-2021-29059 nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string

Summary: CVE-2021-29059 nodejs-is-svg: Regular expression denial of service if the app...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2021-29059
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1976855 1942618 1942621 1976245 1984348
Blocks:	1974840
TreeView+	depends on / blocked

Reported:	2021-06-22 16:09 UTC by Pedro Sampaio
Modified:	2023-09-01 00:34 UTC (History)
CC List:	51 users (show)
Fixed In Version:	is-svg 4.3.0
Clone Of:
Environment:
Last Closed:	2021-07-28 01:07:56 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2021:2438	0	None	None	None	2021-07-27 22:32:19 UTC
Red Hat Product Errata	RHSA-2021:3759	0	None	None	None	2021-10-18 17:28:31 UTC

Description Pedro Sampaio 2021-06-22 16:09:54 UTC

A vulnerability was discovered in IS-SVG version 4.3.1 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string.

References:

https://github.com/yetingli/SaveResults/blob/main/js/is-svg.js
https://www.npmjs.com/package/is-svg
https://github.com/sindresorhus/is-svg/releases/tag/v4.3.0
https://github.com/yetingli/PoCs/blob/main/CVE-2021-29059/IS-SVG.md

Comment 2 Przemyslaw Roguski 2021-06-25 14:56:34 UTC

Upstream fix:
https://github.com/sindresorhus/is-svg/commit/732fc72779840c45a30817d3fe28e12058592b02

Comment 7 errata-xmlrpc 2021-07-27 22:32:21 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.8

Via RHSA-2021:2438 https://access.redhat.com/errata/RHSA-2021:2438

Comment 8 Product Security DevOps Team 2021-07-28 01:07:56 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-29059

Comment 11 errata-xmlrpc 2021-10-18 17:28:28 UTC

This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.9

Via RHSA-2021:3759 https://access.redhat.com/errata/RHSA-2021:3759

Note You need to log in before you can comment on or make changes to this bug.

alazarot
alegrand
anpicker
anstephe
aos-bugs
bdettelb
bmontgom
dblechte
dfediuck
eedri
emingora
eparis
erooth
etirelli
gghezzo
gparvin
ibek
jburrell
jcantril
jokerman
jramanat
jrokos
jstastny
jweiser
jwendell
kakkoyun
kconner
krathod
kverlaen
mgoldboi
michal.skrivanek
mnovotny
mulliken
nstielau
pjindal
pkrupa
rcernich
rfreiman
rguimara
rrajasek
sbonazzo
sgratch
sherold
spasquie
sponnaga
stcannon
thee
tomckay
twalsh
tzimanyi
yturgema