VDB

RHSA-2023%3A0930

RHSA-2023%3A0930 PUBLISHED CVSS 7.5 HIGH

A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatopenshift-logging/logging-loki-rhel8@sha256:287c2fdcf4be7c80d4ebf4bce0ac3ea1762ab35ca674f74db088c3f61ac232c1_amd64 as a component of RHOL 5.5 for RHEL 8openshift-logging/logging-loki-rhel8@sha256:287c2fdcf4be7c80d4ebf4bce0ac3ea1762ab35ca674f74db088c3f61ac232c1_amd64
Red Hatopenshift-logging/vector-rhel8@sha256:25d0bb74c765fe7a5255da943a39121daac2dd93240efa932ed52fce0860101b_amd64 as a component of RHOL 5.5 for RHEL 8openshift-logging/vector-rhel8@sha256:25d0bb74c765fe7a5255da943a39121daac2dd93240efa932ed52fce0860101b_amd64
Red Hatopenshift-logging/logging-curator5-rhel8@sha256:9169b406ff5e87edbe9243a568638bcc8d342ca685186bce6f6964cf5fa8785f_amd64 as a component of RHOL 5.5 for RHEL 8openshift-logging/logging-curator5-rhel8@sha256:9169b406ff5e87edbe9243a568638bcc8d342ca685186bce6f6964cf5fa8785f_amd64
Red Hatopenshift-logging/loki-rhel8-operator@sha256:839dacd7f0ca3405440741d2c575ca4cfe6e4307e34f4669eca938edd176c25d_ppc64le as a component of RHOL 5.5 for RHEL 8openshift-logging/loki-rhel8-operator@sha256:839dacd7f0ca3405440741d2c575ca4cfe6e4307e34f4669eca938edd176c25d_ppc64le
Red Hatopenshift-logging/eventrouter-rhel8@sha256:378d1d80a68f0c18800706a1d35e7808e7215914e8ae19890e35d4387481c078_s390x as a component of RHOL 5.5 for RHEL 8*
Red Hatopenshift-logging/kibana6-rhel8@sha256:eaa0831f379fbe5d0263113dad7b0d6c13b117d43126ac489d253338f881b6c8_amd64 as a component of RHOL 5.5 for RHEL 8*
Red Hatopenshift-logging/loki-rhel8-operator@sha256:c21acce895095222da9bd3bc1885b8baa70f77aed5cb88d902fd164f54975578_arm64 as a component of RHOL 5.5 for RHEL 8openshift-logging/loki-rhel8-operator@sha256:c21acce895095222da9bd3bc1885b8baa70f77aed5cb88d902fd164f54975578_arm64
Red Hatopenshift-logging/elasticsearch6-rhel8@sha256:ac76f4d5a07431295a760ea4892f8c6704de1a4d9959ea79568abd33c6f16550_arm64 as a component of RHOL 5.5 for RHEL 8openshift-logging/elasticsearch6-rhel8@sha256:ac76f4d5a07431295a760ea4892f8c6704de1a4d9959ea79568abd33c6f16550_arm64
Red Hatopenshift-logging/kibana6-rhel8@sha256:7eb9000152182b004c4dddf1d5bd90eab32f5d11eac80670710a660c35dfa105_s390x as a component of RHOL 5.5 for RHEL 8openshift-logging/kibana6-rhel8@sha256:7eb9000152182b004c4dddf1d5bd90eab32f5d11eac80670710a660c35dfa105_s390x
Red Hatopenshift-logging/log-file-metric-exporter-rhel8@sha256:f94785be16f1a0ce3fc41a081dfd8925c51290ae9206a101bdb98a051209c69c_ppc64le as a component of RHOL 5.5 for RHEL 8openshift-logging/log-file-metric-exporter-rhel8@sha256:f94785be16f1a0ce3fc41a081dfd8925c51290ae9206a101bdb98a051209c69c_ppc64le
Red Hatopenshift-logging/elasticsearch-proxy-rhel8@sha256:d7575d0b9379fe3c69b0b8ea76bfd497dc2767acdd6f7c35550be08cc474fb29_ppc64le as a component of RHOL 5.5 for RHEL 8*
Red Hatopenshift-logging/cluster-logging-rhel8-operator@sha256:04d9b4e5635da41abb5abc5cab94ba8adc9ef974f0f2a8d0bd75aae8c4faf077_amd64 as a component of RHOL 5.5 for RHEL 8openshift-logging/cluster-logging-rhel8-operator@sha256:04d9b4e5635da41abb5abc5cab94ba8adc9ef974f0f2a8d0bd75aae8c4faf077_amd64
Red Hatopenshift-logging/cluster-logging-rhel8-operator@sha256:7333f1d60445adac0776fa4362ac2c5212faafe26d15da1e5f9b8fd3908cdf74_s390x as a component of RHOL 5.5 for RHEL 8openshift-logging/cluster-logging-rhel8-operator@sha256:7333f1d60445adac0776fa4362ac2c5212faafe26d15da1e5f9b8fd3908cdf74_s390x
Red Hatopenshift-logging/elasticsearch-rhel8-operator@sha256:1f72b33596d3a4fa61843ecfa59b70f68042df7c7fb8f367ac7d1983d19877da_s390x as a component of RHOL 5.5 for RHEL 8openshift-logging/elasticsearch-rhel8-operator@sha256:1f72b33596d3a4fa61843ecfa59b70f68042df7c7fb8f367ac7d1983d19877da_s390x
Red Hatopenshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le as a component of RHOL 5.5 for RHEL 8*
Red Hatopenshift-logging/elasticsearch-rhel8-operator@sha256:6c2fce66b366d763f3a9c5242eba1604e19be44be45547748aab969d50559dec_ppc64le as a component of RHOL 5.5 for RHEL 8openshift-logging/elasticsearch-rhel8-operator@sha256:6c2fce66b366d763f3a9c5242eba1604e19be44be45547748aab969d50559dec_ppc64le
Red Hatopenshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le as a component of RHOL 5.5 for RHEL 8openshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le
Red Hatopenshift-logging/logging-view-plugin-rhel8@sha256:e6d7f327bdd8973037fdee50f91c12731ecb39c26dc20a164551e4396f56c218_arm64 as a component of RHOL 5.5 for RHEL 8openshift-logging/logging-view-plugin-rhel8@sha256:e6d7f327bdd8973037fdee50f91c12731ecb39c26dc20a164551e4396f56c218_arm64
Red Hatopenshift-logging/elasticsearch-operator-bundle@sha256:f6af35418dc282c51902b462c03a6fe62d38d0ec83b9fd7c95cee754377b24af_amd64 as a component of RHOL 5.5 for RHEL 8openshift-logging/elasticsearch-operator-bundle@sha256:f6af35418dc282c51902b462c03a6fe62d38d0ec83b9fd7c95cee754377b24af_amd64
Red Hatopenshift-logging/cluster-logging-operator-bundle@sha256:37b6ad91114effd11b2701ccb89955bc53e124f48f16c84ffa0762e650203074_amd64 as a component of RHOL 5.5 for RHEL 8*

…and 106 more

Timeline

  • Mar 8, 2023 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 30, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›