
CVE-2024-45296 odf-console-container: Backtracking regular expressions cause ReDoS [openshift-data-foundation-4.15.z]

    • Bug
    • Resolution: Done-Errata
    • Undefined
    • odf-4.15.9
    • odf-4.15.z
    • management-console
    • None
    • False
    • False
    • Committed
    • ?
    • ?
    • 4.15.9-1
    • Committed
    • None

      Verification: check in the container image build logs that the fixed
      version of "path-to-regexp" is downloaded/used:
      │ └─┬ react-router@5.3.4
      │ └── path-to-regexp@1.9.0 <=== fixed version
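
One way to automate the verification step above, as an added example that is not part of the original issue or of the odf-console build tooling: it scans build-log text or dependency records for path-to-regexp and passes only when a 1.x copy is present and none is older than 1.9.0. The function names and sample inputs are constructed, and the flat JSON record shape is assumed from the entries quoted in this issue's comments.

```javascript
// Added example (not odf-console code). Only the 1.x line is judged, because
// 1.9.0 is the one fixed version this issue names.
const FIXED_1X = [1, 9, 0];

// Collect every path-to-regexp version mentioned in the text, from tree lines
// ("path-to-regexp@1.9.0") and from flat JSON dependency records.
function collectVersions(text) {
  const found = [];
  for (const m of text.matchAll(/path-to-regexp@(\d+\.\d+\.\d+)/g)) found.push(m[1]);
  for (const m of text.matchAll(/\{[^{}]*\}/g)) {
    try {
      const rec = JSON.parse(m[0]);
      if (rec.name === "path-to-regexp" && typeof rec.version === "string") found.push(rec.version);
    } catch (_) { /* braces that are not a JSON record: ignore */ }
  }
  return [...new Set(found)];
}

// Numeric, field-by-field comparison; a string comparison would rank 1.10.0 below 1.9.0.
function atLeast(version, floor) {
  const parts = version.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== floor[i]) return parts[i] > floor[i];
  }
  return true;
}

// verified is true only if a 1.x copy was seen and none is older than 1.9.0.
// Copies outside 1.x are returned as unchecked: this issue gives no floor for them.
function verifyBuild(text) {
  const versions = collectVersions(text);
  const oneX = versions.filter((v) => v.startsWith("1."));
  const vulnerable = oneX.filter((v) => !atLeast(v, FIXED_1X));
  const unchecked = versions.filter((v) => !v.startsWith("1."));
  return { verified: oneX.length > 0 && vulnerable.length === 0, vulnerable, unchecked };
}

// Constructed sample inputs: a clean log, and the same log plus a stale record.
const GOOD_LOG = "│ └─┬ react-router@5.3.4\n│ └── path-to-regexp@1.9.0\n";
const BAD_LOG = GOOD_LOG +
  '{ "dev": false, "name": "path-to-regexp", "replaces": null, "type": "yarn", "version": "1.8.0" }\n';

console.log(verifyBuild(GOOD_LOG), verifyBuild(BAD_LOG));
```

A log that never mentions path-to-regexp is reported as not verified, so an empty or truncated build log does not pass the check.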

            [DFBUGS-922] CVE-2024-45296 odf-console-container: Backtracking regular expressions cause ReDoS [openshift-data-foundation-4.15.z]

            Errata Tool added a comment - Since the problem described in this issue should be resolved in a recent advisory, it has been closed.

            For information on the advisory (Moderate: Red Hat OpenShift Data Foundation 4.15.9 Bug Fix Update), and where to find the updated files, follow the link below.

            If the solution does not work for you, open a new bug report.
            https://access.redhat.com/errata/RHSA-2025:0164

            Shivam Durgbuns added a comment - Verified, version matched with image

            { "dev": true, "name": "express", "replaces": null, "type": "yarn", "version": "4.21.1" },
            { "dev": false, "name": "webpack", "replaces": null, "type": "yarn", "version": "5.94.0" },

            link: https://download-01.beak-001.prod.iad2.dc.redhat.com/brewroot/packages/odf-console-container/v4.15.9/1/files/remote-sources/remote-source-odf-console.json

            Data Foundation bot added a comment - Please backport the fix to ODF 4.15.9.

              almartin-storage-ocs Alfonso Martínez Hidalgo
              almartin-storage-ocs Alfonso Martínez Hidalgo