VDB

RHSA-2022%3A0230

RHSA-2022%3A0230 PUBLISHED CVSS 7.5 HIGH

A regular expression denial of service (ReDoS) vulnerability was found in the npm library `ua-parser-js`. If a supplied user agent matches the `Noble` string and contains many spaces then the regex will conduct backtracking, taking an ever increasing amount of time depending on the number of spaces supplied. An attacker can use this vulnerability to potentially craft a malicious user agent resulting in a denial of service.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatopenshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64 as a component of OpenShift Logging 5.2openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64
Red Hatopenshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le as a component of OpenShift Logging 5.2openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le
Red Hatopenshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x as a component of OpenShift Logging 5.2openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x
Red Hatopenshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64 as a component of OpenShift Logging 5.2openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64
Red Hatopenshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64 as a component of OpenShift Logging 5.2openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64
Red Hatopenshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64 as a component of OpenShift Logging 5.2openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64
Red Hatopenshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64 as a component of OpenShift Logging 5.2openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64
Red Hatopenshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le as a component of OpenShift Logging 5.2openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le
Red Hatopenshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le as a component of OpenShift Logging 5.2*
Red Hatopenshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x as a component of OpenShift Logging 5.2openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x
Red Hatopenshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le as a component of OpenShift Logging 5.2*
Red Hatopenshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le as a component of OpenShift Logging 5.2*
Red Hatopenshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x as a component of OpenShift Logging 5.2openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x
Red Hatopenshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64 as a component of OpenShift Logging 5.2*
Red Hatopenshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64 as a component of OpenShift Logging 5.2*
Red Hatopenshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le as a component of OpenShift Logging 5.2openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le
Red Hatopenshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x as a component of OpenShift Logging 5.2openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x
Red Hatopenshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64 as a component of OpenShift Logging 5.2*
Red Hatopenshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64 as a component of OpenShift Logging 5.2openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64
Red Hatopenshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le as a component of OpenShift Logging 5.2openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le

…and 9 more

Timeline

  • Jan 21, 2022 CVE Published
  • Mar 20, 2026 CVE Updated
  • May 1, 2026 Distribution Patch
  • May 1, 2026 Distribution Patch
  • May 1, 2026 Security Advisory
  • May 1, 2026 Security Advisory
  • May 1, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›