Created nodejs-highlight-js tracking bugs for this issue:
Affects: epel-all [bug 1901664]
Affects: fedora-all [bug 1901663]
In Red Hat Virtualization, ovirt-engine-api-explorer uses a vulnerable version of highlight.js, however since release 4.4.3 ovirt-engine-api-explorer is obsoleted and no longer used.
This issue has been addressed in the following products:
Red Hat Quay 3
Via RHSA-2021:3917 https://access.redhat.com/errata/RHSA-2021:3917
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):