{
  "affected_release": [
    {
      "advisory": "RHSA-2021:2438",
      "cpe": "cpe:/a:redhat:openshift:4.8::el8",
      "impact": "low",
      "package": "openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream",
      "product_name": "Red Hat OpenShift Container Platform 4.8",
      "release_date": "2021-07-27T00:00:00Z"
    },
    {
      "advisory": "RHSA-2021:3759",
      "cpe": "cpe:/a:redhat:openshift:4.9::el8",
      "impact": "low",
      "package": "openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream",
      "product_name": "Red Hat OpenShift Container Platform 4.9",
      "release_date": "2021-10-18T00:00:00Z"
    }
  ],
  "bugzilla": {
    "description": "nodejs-is-svg: Regular expression denial of service if the application is provided and checks a crafted invalid SVG string",
    "id": "1974839",
    "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974839"
  },
  "csaw": false,
  "cvss3": {
    "cvss3_base_score": "7.5",
    "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status": "verified"
  },
  "cwe": "CWE-400",
  "details": [
    "A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string.",
    "A flaw was found in IS-SVG where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string. The highest threat from this vulnerability is to system availability."
  ],
  "name": "CVE-2021-29059",
  "package_state": [
    {
      "cpe": "cpe:/a:redhat:service_mesh:1",
      "fix_state": "Will not fix",
      "impact": "low",
      "package_name": "servicemesh-grafana",
      "product_name": "OpenShift Service Mesh 1"
    },
    {
      "cpe": "cpe:/a:redhat:service_mesh:1",
      "fix_state": "Will not fix",
      "impact": "low",
      "package_name": "servicemesh-prometheus",
      "product_name": "OpenShift Service Mesh 1"
    },
    {
      "cpe": "cpe:/a:redhat:service_mesh:2.0",
      "fix_state": "Will not fix",
      "package_name": "servicemesh-grafana",
      "product_name": "OpenShift Service Mesh 2.0"
    },
    {
      "cpe": "cpe:/a:redhat:service_mesh:2.0",
      "fix_state": "Will not fix",
      "package_name": "servicemesh-prometheus",
      "product_name": "OpenShift Service Mesh 2.0"
    },
    {
      "cpe": "cpe:/a:redhat:acm:2",
      "fix_state": "Not affected",
      "package_name": "rhacm2/console-rhel8",
      "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"
    },
    {
      "cpe": "cpe:/a:redhat:acm:2",
      "fix_state": "Will not fix",
      "impact": "low",
      "package_name": "rhacm2/console-ui-rhel8",
      "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"
    },
    {
      "cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7",
      "fix_state": "Out of support scope",
      "package_name": "is-svg",
      "product_name": "Red Hat Decision Manager 7"
    },
    {
      "cpe": "cpe:/a:redhat:openshift:3.11",
      "fix_state": "Fix deferred",
      "impact": "low",
      "package_name": "kibana",
      "product_name": "Red Hat OpenShift Container Platform 3.11"
    },
    {
      "cpe": "cpe:/a:redhat:openshift:4",
      "fix_state": "Will not fix",
      "impact": "low",
      "package_name": "kibana",
      "product_name": "Red Hat OpenShift Container Platform 4"
    },
    {
      "cpe": "cpe:/a:redhat:openshift:4",
      "fix_state": "Will not fix",
      "impact": "low",
      "package_name": "openshift4/ose-grafana",
      "product_name": "Red Hat OpenShift Container Platform 4"
    },
    {
      "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7",
      "fix_state": "Out of support scope",
      "package_name": "is-svg",
      "product_name": "Red Hat Process Automation 7"
    },
    {
      "cpe": "cpe:/a:redhat:quay:3",
      "fix_state": "Will not fix",
      "package_name": "quay/quay-rhel8",
      "product_name": "Red Hat Quay 3"
    },
    {
      "cpe": "cpe:/o:redhat:rhev_hypervisor:4",
      "fix_state": "Will not fix",
      "impact": "low",
      "package_name": "ovirt-engine-ui-extensions",
      "product_name": "Red Hat Virtualization 4"
    },
    {
      "cpe": "cpe:/o:redhat:rhev_hypervisor:4",
      "fix_state": "Will not fix",
      "impact": "low",
      "package_name": "ovirt-web-ui",
      "product_name": "Red Hat Virtualization 4"
    }
  ],
  "public_date": "2021-06-21T00:00:00Z",
  "references": [
    "https://www.cve.org/CVERecord?id=CVE-2021-29059\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-29059"
  ],
  "statement": "Since OpenShift Service Mesh 1.1.x is in its maintenance phase, only Important and Criticals will be fixed at this time.\nIn Red Hat OpenShift Container Platform (RHOCP) and OpenShift Service Mesh (OSSM), the affected components are behind OpenShift OAuth. This restricts access to the vulnerable is-svg library to authenticated users only, therefore the impact is low. \nOCP 4 delivers the kibana package where the is-svg is bundled, but during the update to container first (to openshift4/ose-logging-kibana6 starting in OCP 4.5) the dependency was removed and hence the kibana package is marked as wontfix. In OCP the grafana container bundles is-svg library, but as the Grafana dashboard is read-only, injecting the malicious string is not be possible, therefore this component has been marked as wontfix at this time and may be fixed in a future release.\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are not longer in use for 2.2 and 2.3, except for console-ui-container in 2.1, which is behind the OAuth, which in case the impact is marked as low. RHACM 2.1 is in its maintenance phase, so only Important and Criticals will be fixed at this time.\nIn Red Hat Virtualization a vulnerable version of is-svg is used in ovirt-web-ui and ovirt-engine-ui-extensions. It is a build-time dependency not exploitable in the delivered product. Therefore impact is rated Low and it will not be immediately fixed. An update may be provided in future releases.",
  "threat_severity": "Moderate"
}