The package terser in versions before 4.8.1, and from 5.0.0 before 5.14.2, is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions. https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2949722 https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012 https://snyk.io/vuln/SNYK-JS-TERSER-2806366 https://github.com/terser/terser/blob/master/lib/compress/evaluate.js#L135
Created cockatrice tracking bugs for this issue: Affects: fedora-all [bug 2126279]
Created golang-entgo-ent tracking bugs for this issue: Affects: fedora-all [bug 2126280]
Created golang-github-prometheus tracking bugs for this issue: Affects: epel-7 [bug 2126278]
Created grafana tracking bugs for this issue: Affects: fedora-all [bug 2126281]
Created zuul tracking bugs for this issue: Affects: fedora-all [bug 2126282]
This issue has been addressed in the following products: RHINT Service Registry 2.3.0 GA Via RHSA-2022:6835 https://access.redhat.com/errata/RHSA-2022:6835
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8 Via RHSA-2022:7276 https://access.redhat.com/errata/RHSA-2022:7276
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.6 for RHEL 8 Via RHSA-2022:7313 https://access.redhat.com/errata/RHSA-2022:7313
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-25858
This issue has been addressed in the following products: Red Hat OpenShift Service Mesh 2.2 for RHEL 8 Via RHSA-2023:3645 https://access.redhat.com/errata/RHSA-2023:3645