A Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.

Reference:
https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526
https://github.com/apostrophecms/sanitize-html/pull/557
https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c
Created golang-github-apache-beam-2 tracking bugs for this issue:
Affects: fedora-all [bug 2123458]

Created golang-github-prometheus tracking bugs for this issue:
Affects: epel-all [bug 2123457]

Created python-ipyparallel tracking bugs for this issue:
Affects: fedora-all [bug 2123459]
This issue has been addressed in the following products:

Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8
Via RHSA-2022:7313 https://access.redhat.com/errata/RHSA-2022:7313
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2022-25887