The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to Regular Expression Denial of Service (ReDoS). If an attacker provides a malicious string, is-svg will get stuck processing the input for a very long time.
Metrics
No CVSS v4.0
Attack Vector Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact None
Integrity Impact None
Availability Impact High
User Interaction None
No CVSS v3.0
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
AV:N/AC:L/Au:N/C:N/I:N/A:P
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Is-svg Project |
|
Redhat |
|
Package | CPE | Advisory | Released Date |
---|---|---|---|
Red Hat Advanced Cluster Management for Kubernetes 2 | |||
acmesolver-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
acm-must-gather-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
acm-operator-bundle-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
application-ui-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
cainjector-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
cert-manager-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
cert-manager-webhook-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
cert-policy-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
clusterlifecycle-state-metrics-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
configmap-watcher-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
config-policy-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
console-api-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
console-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
console-header-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
endpoint-component-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
endpoint-monitoring-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
endpoint-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
governance-policy-propagator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
governance-policy-spec-sync-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
governance-policy-status-sync-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
governance-policy-template-sync-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
grafana-dashboard-loader-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
grc-ui-api-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
grc-ui-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
iam-policy-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
klusterlet-addon-lease-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
klusterlet-operator-bundle-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
kui-web-terminal-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
management-ingress-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
mcm-topology-api-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
mcm-topology-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
memcached-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
memcached-exporter-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
metrics-collector-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
multicloud-manager-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
multiclusterhub-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
multiclusterhub-repo-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
multicluster-observability-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
multicluster-operators-application-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
multicluster-operators-channel-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
multicluster-operators-deployable-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
multicluster-operators-placementrule-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
multicluster-operators-subscription-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
multicluster-operators-subscription-release-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
observatorium-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
observatorium-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
openshift-hive-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
rbac-query-proxy-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
rcm-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
redisgraph-tls-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
registration-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
registration-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
search-aggregator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
search-api-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
search-collector-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
search-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
search-ui-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
submariner-addon-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
thanos-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
thanos-receive-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
work-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:1499 | 2021-05-04T00:00:00Z |
acmesolver-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
acm-must-gather-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
acm-operator-bundle-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
application-ui-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
cainjector-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
cert-manager-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
cert-manager-webhook-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
cert-policy-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
clusterlifecycle-state-metrics-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
configmap-watcher-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
config-policy-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
console-api-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
console-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
console-header-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
endpoint-component-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
endpoint-monitoring-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
endpoint-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
governance-policy-propagator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
governance-policy-spec-sync-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
governance-policy-status-sync-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
governance-policy-template-sync-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
grafana-dashboard-loader-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
grc-ui-api-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
grc-ui-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
iam-policy-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
klusterlet-addon-lease-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
klusterlet-operator-bundle-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
kui-web-terminal-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
management-ingress-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
mcm-topology-api-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
mcm-topology-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
memcached-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
memcached-exporter-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
metrics-collector-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
multicloud-manager-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
multiclusterhub-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
multiclusterhub-repo-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
multicluster-observability-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
multicluster-operators-application-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
multicluster-operators-channel-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
multicluster-operators-deployable-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
multicluster-operators-placementrule-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
multicluster-operators-subscription-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
multicluster-operators-subscription-release-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
observatorium-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
observatorium-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
openshift-hive-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
rbac-query-proxy-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
rcm-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
redisgraph-tls-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
registration-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
registration-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
search-aggregator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
search-api-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
search-collector-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
search-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
search-ui-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
submariner-addon-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
thanos-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
thanos-receive-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
work-container | cpe:/a:redhat:acm:2.2::el7 | RHSA-2021:2461 | 2021-06-16T00:00:00Z |
Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8 | |||
rhacm2/console-api-rhel8:v2.3.0-63 | cpe:/a:redhat:acm:2.3::el8 | RHSA-2021:3016 | 2021-08-06T00:00:00Z |
rhacm2/search-ui-rhel8:v2.3.0-59 | cpe:/a:redhat:acm:2.3::el8 | RHSA-2021:3016 | 2021-08-06T00:00:00Z |
Red Hat OpenShift Container Platform 4.8 | |||
openshift4/ose-thanos-rhel8:v4.8.0-202106291913.p0.git.c358e96.assembly.stream | cpe:/a:redhat:openshift:4.8::el8 | RHSA-2021:2438 | 2021-07-27T00:00:00Z |
Red Hat OpenShift Container Platform 4.9 | |||
openshift4/ose-prometheus:v4.9.0-202109302016.p0.git.3197fa7.assembly.stream | cpe:/a:redhat:openshift:4.9::el8 | RHSA-2021:3759 | 2021-10-18T00:00:00Z |
References
History
Sun, 08 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:acm:2.2::el7 |
Mon, 19 Aug 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:acm:2.2::el8 |
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-03-12T21:31:35
Updated: 2024-08-03T21:33:17.358Z
Reserved: 2021-03-08T00:00:00
Link: CVE-2021-28092
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-03-12T22:15:14.983
Modified: 2024-11-21T05:59:04.550
Link: CVE-2021-28092
Redhat