Hybrid Application Console / HAC-3019

CVE-2022-3517 minimatch: nodejs-minimatch: ReDoS via the braceExpand function [services-openshift-cluster-manager-default]


Sprint: ACM Console Sprint 242

Security Tracking Issue

Do not make this issue public.

Impact: Moderate
Reported Date: 01-Jun-2022
Resolve Bug By: 28-Nov-2022

If the dates above have already passed, please evaluate this bug in your next prioritization review and make a decision then. Remember to explicitly set CLOSED:WONTFIX if you decide not to fix this bug.

Please review this tracker and its impact on your product or service as soon as possible. These trackers are filed WITHOUT in-depth analysis because the vulnerability has a Low or Moderate severity impact on this product or service. For more details, please refer to the following Confluence page: https://docs.engineering.redhat.com/x/3e_3EQ

Please see the Security Errata Policy for further details: https://docs.engineering.redhat.com/x/9kKpDw

Flaw:

CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function
https://bugzilla.redhat.com/show_bug.cgi?id=2134609

The nodejs-minimatch package in versions before 3.0.5 is vulnerable to Regular Expression Denial of Service (ReDoS): it is possible to cause a denial of service by calling the braceExpand function.

References:
https://github.com/grafana/grafana-image-renderer/issues/329
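The practical triage step for a tracker like this is to find out whether any copy of minimatch older than the fixed release (3.0.5, per the flaw text) is present in the service's dependency tree, including nested copies pulled in by other packages. The following scanner is an added example written for this page; it is not code from the tracker, from Red Hat or from the minimatch project. It reads an npm lockfile object in either the v2/v3 layout (`packages` keyed by install path) or the v1 layout (nested `dependencies`), and flags every minimatch entry whose version is below 3.0.5. The lockfile data embedded at the bottom is constructed sample input, and the fixed-version constant is taken directly from the flaw description above.

```javascript
// Added example: flag minimatch copies below the fixed version named in CVE-2022-3517.
// FIXED_VERSION comes from the flaw text on this page ("versions before 3.0.5").
const FIXED_VERSION = "3.0.5";

// Parse "1.2.3", "1.2.3-beta.1" or "v1.2.3" into a numeric [major, minor, patch].
// Pre-release tags are deliberately ignored: only the numeric triple is compared.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) return null;
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Comparator on numeric triples: negative, zero or positive; null when either side is unparseable.
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  if (!pa || !pb) return null;
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// A version is treated as affected when it sorts below FIXED_VERSION.
// Unparseable versions (git URLs, tags, file: links) are flagged so a human reviews them.
function isVulnerableMinimatch(version) {
  const c = compareSemver(version, FIXED_VERSION);
  return c === null ? true : c < 0;
}

// Collect every minimatch occurrence in a lockfile object.
// v2/v3 lockfiles list every installed path under "packages";
// v1 lockfiles nest transitive dependencies under "dependencies".
function findMinimatch(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/minimatch") && meta && meta.version) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  function walk(deps, prefix) {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "minimatch" && meta.version) hits.push({ path, version: meta.version });
      if (meta.dependencies) walk(meta.dependencies, path + "/");
    }
  }
  walk(lock.dependencies, "");
  return hits;
}

// The result a reviewer wants: only the copies that still need an upgrade.
function vulnerableMinimatch(lock) {
  return findMinimatch(lock).filter((h) => isVulnerableMinimatch(h.version));
}

// Constructed sample lockfile (v2 layout): the top-level copy is already fixed,
// but a nested copy under a transitive dependency is still at 3.0.4.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "sample-app", version: "1.0.0" },
    "node_modules/minimatch": { version: "3.0.5" },
    "node_modules/some-lib": { version: "2.1.0" },
    "node_modules/some-lib/node_modules/minimatch": { version: "3.0.4" },
  },
};

// Stand-alone run over the constructed sample.
for (const h of vulnerableMinimatch(SAMPLE_LOCK)) {
  console.log(`${h.path}: minimatch ${h.version} is below ${FIXED_VERSION}`);
}
```

To run it against a real project, parse the project's package-lock.json with `JSON.parse` and pass the object to `vulnerableMinimatch`; a non-empty result means the affected code is still shipped even if the top-level copy has been bumped, which is the usual reason a tracker like this stays open after an apparent fix. Nested copies are resolved by upgrading or overriding the parent package rather than the root dependency.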

rh-ee-kcormier Kevin Cormier
rhn-support-mjuneau Matthew Juneau