VDB

RHSA-2022%3A0227

RHSA-2022%3A0227 PUBLISHED CVSS 7.5 HIGH

A regular expression denial of service (ReDoS) vulnerability was found in the npm library `ua-parser-js`. If a supplied user agent matches the `Noble` string and contains many spaces then the regex will conduct backtracking, taking an ever increasing amount of time depending on the number of spaces supplied. An attacker can use this vulnerability to potentially craft a malicious user agent resulting in a denial of service.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatopenshift-logging/fluentd-rhel8@sha256:4cf7cc86ccb8059ee5083d6e68a413e1db804ff45e126a9f87b1d52e8dd82855_ppc64le as a component of OpenShift Logging 5.3openshift-logging/fluentd-rhel8@sha256:4cf7cc86ccb8059ee5083d6e68a413e1db804ff45e126a9f87b1d52e8dd82855_ppc64le
Red Hatopenshift-logging/elasticsearch-rhel8-operator@sha256:1e342d10db70e1b160f906c65e6caa25aa64c519dd7ae7e8233fe2fe65121207_amd64 as a component of OpenShift Logging 5.3openshift-logging/elasticsearch-rhel8-operator@sha256:1e342d10db70e1b160f906c65e6caa25aa64c519dd7ae7e8233fe2fe65121207_amd64
Red Hatopenshift-logging/logging-curator5-rhel8@sha256:04cb0712418289fc446752a0c274d1036886312b7a63b54ebbeeab1421c10924_ppc64le as a component of OpenShift Logging 5.3openshift-logging/logging-curator5-rhel8@sha256:04cb0712418289fc446752a0c274d1036886312b7a63b54ebbeeab1421c10924_ppc64le
Red Hatopenshift-logging/logging-curator5-rhel8@sha256:1d900ee34e14094e24b855acfbeec3f2f3c82f3fcc07d3b4cebe5e92ea1a8fde_s390x as a component of OpenShift Logging 5.3*
Red Hatopenshift-logging/eventrouter-rhel8@sha256:b1b03c78595d10ae30b5a35983784eaea11f1f9763944b2f9938117149bdd511_ppc64le as a component of OpenShift Logging 5.3*
Red Hatopenshift-logging/elasticsearch-rhel8-operator@sha256:f7e2c329f04793173ae4412aa096cf86ce7225c94b059c56d8c9e7dbe71b9a19_s390x as a component of OpenShift Logging 5.3*
Red Hatopenshift-logging/cluster-logging-rhel8-operator@sha256:9f622b5daa152e2b8d94fa12defc3c08d93fddb34b1b4edbf841da5f00d7918d_ppc64le as a component of OpenShift Logging 5.3*
Red Hatopenshift-logging/fluentd-rhel8@sha256:ae0cf89749b44739b6f2560c3f6527cee2606b67388a7d965dd76644a25420f5_amd64 as a component of OpenShift Logging 5.3openshift-logging/fluentd-rhel8@sha256:ae0cf89749b44739b6f2560c3f6527cee2606b67388a7d965dd76644a25420f5_amd64
Red Hatopenshift-logging/eventrouter-rhel8@sha256:440473f04ef4cfd1d016063daabf011eb2ba6b9acea96312a72f215277333e53_s390x as a component of OpenShift Logging 5.3*
Red Hatopenshift-logging/elasticsearch-rhel8-operator@sha256:1209bca75d71152af832b0e11dfee461f4c6fdbeda6b91743e637ce453702f3c_ppc64le as a component of OpenShift Logging 5.3openshift-logging/elasticsearch-rhel8-operator@sha256:1209bca75d71152af832b0e11dfee461f4c6fdbeda6b91743e637ce453702f3c_ppc64le
Red Hatopenshift-logging/cluster-logging-rhel8-operator@sha256:6c544de84925d0e3883a5d091c17a33362a0138271bbbda6663eb1407f98e0c5_s390x as a component of OpenShift Logging 5.3*
Red Hatopenshift-logging/elasticsearch6-rhel8@sha256:ac206b3da24eb8df95e2e3b0bec234e84b8e5ef7000234f069855b73de77d846_s390x as a component of OpenShift Logging 5.3*
Red Hatopenshift-logging/log-file-metric-exporter-rhel8@sha256:25f94f0e27668fe254b7ff74731d39b7ed9f6c278c52dcf759893d9a1abe4895_amd64 as a component of OpenShift Logging 5.3openshift-logging/log-file-metric-exporter-rhel8@sha256:25f94f0e27668fe254b7ff74731d39b7ed9f6c278c52dcf759893d9a1abe4895_amd64
Red Hatopenshift-logging/logging-curator5-rhel8@sha256:b722f8982018f215a0a1566a561d742f1f7d99a2b507b8a7e874f6db1a6fef08_amd64 as a component of OpenShift Logging 5.3openshift-logging/logging-curator5-rhel8@sha256:b722f8982018f215a0a1566a561d742f1f7d99a2b507b8a7e874f6db1a6fef08_amd64
Red Hatopenshift-logging/fluentd-rhel8@sha256:4b114196ac78f93575475437a794c881fe79126f3e73fed1fe5ea9f89fcdb6c1_s390x as a component of OpenShift Logging 5.3openshift-logging/fluentd-rhel8@sha256:4b114196ac78f93575475437a794c881fe79126f3e73fed1fe5ea9f89fcdb6c1_s390x
Red Hatopenshift-logging/elasticsearch-proxy-rhel8@sha256:37eda3069f8fb47a90b0adef38e93df074dbe57821e3c306da03e2c1e267e9ed_amd64 as a component of OpenShift Logging 5.3openshift-logging/elasticsearch-proxy-rhel8@sha256:37eda3069f8fb47a90b0adef38e93df074dbe57821e3c306da03e2c1e267e9ed_amd64
Red Hatopenshift-logging/cluster-logging-operator-bundle@sha256:1eab02e25f64839b15747d2bb8e0e6f8c3f632e9372a5ee926cde2c1e5cbc998_amd64 as a component of OpenShift Logging 5.3openshift-logging/cluster-logging-operator-bundle@sha256:1eab02e25f64839b15747d2bb8e0e6f8c3f632e9372a5ee926cde2c1e5cbc998_amd64
Red Hatopenshift-logging/elasticsearch6-rhel8@sha256:a8942268c538c264d5a7950f91106c44b1a431262a7af31ed02bed79f1c22d93_ppc64le as a component of OpenShift Logging 5.3openshift-logging/elasticsearch6-rhel8@sha256:a8942268c538c264d5a7950f91106c44b1a431262a7af31ed02bed79f1c22d93_ppc64le
Red Hatopenshift-logging/kibana6-rhel8@sha256:278eb4ecec21f235a26693b3f6c1b0cdfab5635f5a5ac51dd0540c6ab69c1316_ppc64le as a component of OpenShift Logging 5.3openshift-logging/kibana6-rhel8@sha256:278eb4ecec21f235a26693b3f6c1b0cdfab5635f5a5ac51dd0540c6ab69c1316_ppc64le
Red Hatopenshift-logging/log-file-metric-exporter-rhel8@sha256:fd70baba0ba7a59a994ca33527ecb2575ab199daeb4ecd34581cccf0db246c59_s390x as a component of OpenShift Logging 5.3*

…and 9 more

Timeline

  • Jan 20, 2022 CVE Published
  • Mar 20, 2026 CVE Updated
  • May 1, 2026 Distribution Patch
  • May 1, 2026 Distribution Patch
  • May 1, 2026 Security Advisory
  • May 1, 2026 Security Advisory
  • May 1, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›