{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-13T20:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/sindresorhus/is-svg/releases"}, {"tags": ["x_refsource_MISC"], "url": "https://www.npmjs.com/package/is-svg"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sindresorhus/is-svg/releases/tag/v4.2.2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210513-0008/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-28092", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/sindresorhus/is-svg/releases", "refsource": "MISC", "url": "https://github.com/sindresorhus/is-svg/releases"}, {"name": "https://www.npmjs.com/package/is-svg", "refsource": "MISC", "url": "https://www.npmjs.com/package/is-svg"}, {"name": "https://github.com/sindresorhus/is-svg/releases/tag/v4.2.2", "refsource": "MISC", "url": "https://github.com/sindresorhus/is-svg/releases/tag/v4.2.2"}, {"name": "https://security.netapp.com/advisory/ntap-20210513-0008/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210513-0008/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:33:17.358Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sindresorhus/is-svg/releases"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.npmjs.com/package/is-svg"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sindresorhus/is-svg/releases/tag/v4.2.2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210513-0008/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-28092", "datePublished": "2021-03-12T21:31:35", "dateReserved": "2021-03-08T00:00:00", "dateUpdated": "2024-08-03T21:33:17.358Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:is-svg_project:is-svg:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "5BB35285-8008-4EED-8975-A3F11F13D31C", "versionEndIncluding": "4.2.1", "versionStartIncluding": "2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time."}, {"lang": "es", "value": "El paquete is-svg versiones 2.1.0 hasta 4.2.1 para Node.js, usa una expresi\u00f3n regular que es vulnerable a una Denegaci\u00f3n de Servicio de Expresi\u00f3n Regular (ReDoS). Si un atacante proporciona una cadena maliciosa, is-svg se bloquear\u00e1 al procesar la entrada durante mucho tiempo"}], "id": "CVE-2021-28092", "lastModified": "2024-11-21T05:59:04.550", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-12T22:15:14.983", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/sindresorhus/is-svg/releases"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/sindresorhus/is-svg/releases/tag/v4.2.2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210513-0008/"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.npmjs.com/package/is-svg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/sindresorhus/is-svg/releases"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/sindresorhus/is-svg/releases/tag/v4.2.2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210513-0008/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.npmjs.com/package/is-svg"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1333"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "acmesolver-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "acm-must-gather-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "acm-operator-bundle-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "application-ui-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "cainjector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "cert-manager-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "cert-manager-webhook-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "cert-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "clusterlifecycle-state-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "configmap-watcher-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "config-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "console-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "console-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "console-header-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "endpoint-component-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "endpoint-monitoring-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "endpoint-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "governance-policy-propagator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "governance-policy-spec-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "governance-policy-status-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "governance-policy-template-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "grafana-dashboard-loader-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "grc-ui-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "grc-ui-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "iam-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "klusterlet-addon-lease-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "klusterlet-operator-bundle-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "kui-web-terminal-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "management-ingress-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "mcm-topology-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "mcm-topology-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "memcached-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "memcached-exporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "metrics-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicloud-manager-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multiclusterhub-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multiclusterhub-repo-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-observability-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-operators-application-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-operators-channel-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-operators-deployable-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-operators-placementrule-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-operators-subscription-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-operators-subscription-release-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "observatorium-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "observatorium-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "openshift-hive-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "rbac-query-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "rcm-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "redisgraph-tls-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "registration-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "registration-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "search-aggregator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "search-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "search-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "search-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "search-ui-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "submariner-addon-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "thanos-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "thanos-receive-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:1499", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "work-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-05-04T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "acmesolver-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "acm-must-gather-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "acm-operator-bundle-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "application-ui-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "cainjector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "cert-manager-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "cert-manager-webhook-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "cert-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "clusterlifecycle-state-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "configmap-watcher-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "config-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "console-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "console-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "console-header-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "endpoint-component-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "endpoint-monitoring-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "endpoint-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "governance-policy-propagator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "governance-policy-spec-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "governance-policy-status-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "governance-policy-template-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "grafana-dashboard-loader-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "grc-ui-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "grc-ui-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "iam-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "klusterlet-addon-lease-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "klusterlet-operator-bundle-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "kui-web-terminal-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "management-ingress-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "mcm-topology-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "mcm-topology-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "memcached-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "memcached-exporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "metrics-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicloud-manager-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multiclusterhub-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multiclusterhub-repo-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-observability-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-operators-application-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-operators-channel-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-operators-deployable-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-operators-placementrule-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-operators-subscription-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "multicluster-operators-subscription-release-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "observatorium-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "observatorium-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "openshift-hive-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "rbac-query-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "rcm-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "redisgraph-tls-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "registration-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "registration-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "search-aggregator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "search-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "search-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "search-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "search-ui-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "submariner-addon-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "thanos-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "thanos-receive-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:2461", "cpe": "cpe:/a:redhat:acm:2.2::el7", "package": "work-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2021-06-16T00:00:00Z"}, {"advisory": "RHSA-2021:3016", "cpe": "cpe:/a:redhat:acm:2.3::el8", "impact": "low", "package": "rhacm2/console-api-rhel8:v2.3.0-63", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8", "release_date": "2021-08-06T00:00:00Z"}, {"advisory": "RHSA-2021:3016", "cpe": "cpe:/a:redhat:acm:2.3::el8", "impact": "low", "package": "rhacm2/search-ui-rhel8:v2.3.0-59", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8", "release_date": "2021-08-06T00:00:00Z"}, {"advisory": "RHSA-2021:2438", "cpe": "cpe:/a:redhat:openshift:4.8::el8", "impact": "low", "package": "openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.8", "release_date": "2021-07-27T00:00:00Z"}, {"advisory": "RHSA-2021:3759", "cpe": "cpe:/a:redhat:openshift:4.9::el8", "impact": "low", "package": "openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.9", "release_date": "2021-10-18T00:00:00Z"}], "bugzilla": {"description": "nodejs-is-svg: ReDoS via malicious string", "id": "1939103", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939103"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-20->CWE-400", "details": ["The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time.", "A flaw was found in is-svg package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS).\nThe highest threat from this vulnerability is to availability."], "name": "CVE-2021-28092", "package_state": [{"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Will not fix", "package_name": "servicemesh-grafana", "product_name": "OpenShift Service Mesh 2.0"}, {"cpe": "cpe:/a:redhat:service_mesh:2.0", "fix_state": "Will not fix", "package_name": "servicemesh-prometheus", "product_name": "OpenShift Service Mesh 2.0"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "impact": "low", "package_name": "rhacm2/console-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "impact": "low", "package_name": "rhacm2/console-ui-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "impact": "low", "package_name": "kibana", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "impact": "low", "package_name": "kibana", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "impact": "low", "package_name": "openshift4/ose-grafana", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Fix deferred", "impact": "low", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2021-03-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-28092\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-28092"], "statement": "Red Hat OpenShift Container Platform (RHOCP) 4 delivers the kibana package where the nodejs-is-svg package is bundled, but during the update to container first (to openshift4/ose-logging-kibana6 since OCP 4.5) the dependency was removed and hence kibana package is marked as wontfix. This may be fixed in the future.\nIn OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Container Platform (RHOCP) the affected components are behind OpenShift OAuth. This restricts access to the vulnerable nodejs-is-svg to authenticated users only, therefore the impact is low.\nRed Hat Quay includes is-svg as a dependency of css-loader which is only using during development, not runtime. This issues has been rated low impact for Red Hat Quay.", "threat_severity": "Moderate"}