VDB
RHSA-2022%3A0230
RHSA-2022%3A0230
PUBLISHED
CVSS 7.5 HIGH
A regular expression denial of service (ReDoS) vulnerability was found in the npm library `ua-parser-js`. If a supplied user agent matches the `Noble` string and contains many spaces then the regex will conduct backtracking, taking an ever increasing amount of time depending on the number of spaces supplied. An attacker can use this vulnerability to potentially craft a malicious user agent resulting in a denial of service.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64 as a component of OpenShift Logging 5.2 | openshift-logging/elasticsearch6-rhel8@sha256:d78003468c5d530a8dddd9841ecd23921b6987187ef09a0b97eeda0e7e914c94_amd64 |
| Red Hat | openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le as a component of OpenShift Logging 5.2 | openshift-logging/elasticsearch-proxy-rhel8@sha256:26e82e33639172e754d954c2de492f7ec0bff4760c7284fe85231d74e83da3cc_ppc64le |
| Red Hat | openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x as a component of OpenShift Logging 5.2 | openshift-logging/eventrouter-rhel8@sha256:d5ae1f16eec322d9c9fb5604641cb038a831a0c7de331feb2999775e7958ed55_s390x |
| Red Hat | openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64 as a component of OpenShift Logging 5.2 | openshift-logging/log-file-metric-exporter-rhel8@sha256:59abfdea0e2fbafa7355967f3dc43700b82907aeaea520a10a87d4a77adc5963_amd64 |
| Red Hat | openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64 as a component of OpenShift Logging 5.2 | openshift-logging/elasticsearch-proxy-rhel8@sha256:bda4a51803d41c805074962d4207f0c56a4248d50d09bcd01017d55ea974166f_amd64 |
| Red Hat | openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64 as a component of OpenShift Logging 5.2 | openshift-logging/elasticsearch-rhel8-operator@sha256:2f7f3178fff00f6096e340392dfe2e005f7fa6553eae194cb765dd026432d010_amd64 |
| Red Hat | openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64 as a component of OpenShift Logging 5.2 | openshift-logging/cluster-logging-rhel8-operator@sha256:ec5a23b5aabdf0103bfe6a19abbf5ff8911b8d0b48b72167517506b53cd32e71_amd64 |
| Red Hat | openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le as a component of OpenShift Logging 5.2 | openshift-logging/logging-curator5-rhel8@sha256:c93eef1216995a01b8a76d547798b4a327d8fd2be746c40cf4e3b6cc84cea56c_ppc64le |
| Red Hat | openshift-logging/cluster-logging-rhel8-operator@sha256:34c1103c3d1fa2f4edc3629c5708ec29828627101eb57dd7256a91d247f30fde_ppc64le as a component of OpenShift Logging 5.2 | * |
| Red Hat | openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x as a component of OpenShift Logging 5.2 | openshift-logging/elasticsearch-rhel8-operator@sha256:c4029eab5cf3ef8e00f774a04b786003e31073c85a585f50689009110d2a5f76_s390x |
| Red Hat | openshift-logging/elasticsearch-rhel8-operator@sha256:48b2b1685ae38774ec04f860f11a246838f8925be0b5adc0ec60bbde57419fb1_ppc64le as a component of OpenShift Logging 5.2 | * |
| Red Hat | openshift-logging/log-file-metric-exporter-rhel8@sha256:c347e82a481d60f52e5fc9cfd0634dd69e82db309de5e1eedf12832461f2e399_ppc64le as a component of OpenShift Logging 5.2 | * |
| Red Hat | openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x as a component of OpenShift Logging 5.2 | openshift-logging/logging-curator5-rhel8@sha256:640ff6c8d8c3c16ba43f87f4d323e93d7d8cdae1df44d7220c79083e8284ebd6_s390x |
| Red Hat | openshift-logging/kibana6-rhel8@sha256:8da444779bc4d8fefb85fe2a373d4f4280db9c41198e321e74b6cab05aed6922_amd64 as a component of OpenShift Logging 5.2 | * |
| Red Hat | openshift-logging/elasticsearch-operator-bundle@sha256:e33d3f89fa14cef83be2bf1d15cf5bb1df57ffd9258902613a2a1309cbc11981_amd64 as a component of OpenShift Logging 5.2 | * |
| Red Hat | openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le as a component of OpenShift Logging 5.2 | openshift-logging/elasticsearch6-rhel8@sha256:42925c7c419dd52bf611e6860b3c989ba396f9e5f1d9a459f5db6b958f932552_ppc64le |
| Red Hat | openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x as a component of OpenShift Logging 5.2 | openshift-logging/fluentd-rhel8@sha256:a1f3ef5cafecc311f1c206ea40fda0f53badc8a520d30ad4461a25a2177cc393_s390x |
| Red Hat | openshift-logging/logging-curator5-rhel8@sha256:3dbc18048c93b6281f14b3472ed538a20b12b7e6c0524d61afda291b5bf11541_amd64 as a component of OpenShift Logging 5.2 | * |
| Red Hat | openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64 as a component of OpenShift Logging 5.2 | openshift-logging/fluentd-rhel8@sha256:2ce16348308819fb21fa98c69ca56eb70b62cf36fb1c233d1928764b393dd3f0_amd64 |
| Red Hat | openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le as a component of OpenShift Logging 5.2 | openshift-logging/fluentd-rhel8@sha256:ac04d56e69fa742413b95177b2298502b8f9108be6bceb96b8ea4f9afbed5f74_ppc64le |
…and 9 more
Timeline
- Jan 21, 2022 CVE Published
- Mar 20, 2026 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2022:0230 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1940613 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2035951 issue
- https://issues.redhat.com/browse/LOG-2104 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0230.json advisory
- https://access.redhat.com/security/cve/CVE-2021-27292 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-27292 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-27292 advisory
- https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76 advisory
- https://access.redhat.com/security/cve/CVE-2021-44832 advisory
- https://www.cve.org/CVERecord?id=CVE-2021-44832 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-44832 advisory
- https://issues.apache.org/jira/browse/LOG4J2-3293 advisory