VDB
RHSA-2023%3A0930
RHSA-2023%3A0930
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-logging/logging-loki-rhel8@sha256:287c2fdcf4be7c80d4ebf4bce0ac3ea1762ab35ca674f74db088c3f61ac232c1_amd64 as a component of RHOL 5.5 for RHEL 8 | openshift-logging/logging-loki-rhel8@sha256:287c2fdcf4be7c80d4ebf4bce0ac3ea1762ab35ca674f74db088c3f61ac232c1_amd64 |
| Red Hat | openshift-logging/vector-rhel8@sha256:25d0bb74c765fe7a5255da943a39121daac2dd93240efa932ed52fce0860101b_amd64 as a component of RHOL 5.5 for RHEL 8 | openshift-logging/vector-rhel8@sha256:25d0bb74c765fe7a5255da943a39121daac2dd93240efa932ed52fce0860101b_amd64 |
| Red Hat | openshift-logging/logging-curator5-rhel8@sha256:9169b406ff5e87edbe9243a568638bcc8d342ca685186bce6f6964cf5fa8785f_amd64 as a component of RHOL 5.5 for RHEL 8 | openshift-logging/logging-curator5-rhel8@sha256:9169b406ff5e87edbe9243a568638bcc8d342ca685186bce6f6964cf5fa8785f_amd64 |
| Red Hat | openshift-logging/loki-rhel8-operator@sha256:839dacd7f0ca3405440741d2c575ca4cfe6e4307e34f4669eca938edd176c25d_ppc64le as a component of RHOL 5.5 for RHEL 8 | openshift-logging/loki-rhel8-operator@sha256:839dacd7f0ca3405440741d2c575ca4cfe6e4307e34f4669eca938edd176c25d_ppc64le |
| Red Hat | openshift-logging/eventrouter-rhel8@sha256:378d1d80a68f0c18800706a1d35e7808e7215914e8ae19890e35d4387481c078_s390x as a component of RHOL 5.5 for RHEL 8 | * |
| Red Hat | openshift-logging/kibana6-rhel8@sha256:eaa0831f379fbe5d0263113dad7b0d6c13b117d43126ac489d253338f881b6c8_amd64 as a component of RHOL 5.5 for RHEL 8 | * |
| Red Hat | openshift-logging/loki-rhel8-operator@sha256:c21acce895095222da9bd3bc1885b8baa70f77aed5cb88d902fd164f54975578_arm64 as a component of RHOL 5.5 for RHEL 8 | openshift-logging/loki-rhel8-operator@sha256:c21acce895095222da9bd3bc1885b8baa70f77aed5cb88d902fd164f54975578_arm64 |
| Red Hat | openshift-logging/elasticsearch6-rhel8@sha256:ac76f4d5a07431295a760ea4892f8c6704de1a4d9959ea79568abd33c6f16550_arm64 as a component of RHOL 5.5 for RHEL 8 | openshift-logging/elasticsearch6-rhel8@sha256:ac76f4d5a07431295a760ea4892f8c6704de1a4d9959ea79568abd33c6f16550_arm64 |
| Red Hat | openshift-logging/kibana6-rhel8@sha256:7eb9000152182b004c4dddf1d5bd90eab32f5d11eac80670710a660c35dfa105_s390x as a component of RHOL 5.5 for RHEL 8 | openshift-logging/kibana6-rhel8@sha256:7eb9000152182b004c4dddf1d5bd90eab32f5d11eac80670710a660c35dfa105_s390x |
| Red Hat | openshift-logging/log-file-metric-exporter-rhel8@sha256:f94785be16f1a0ce3fc41a081dfd8925c51290ae9206a101bdb98a051209c69c_ppc64le as a component of RHOL 5.5 for RHEL 8 | openshift-logging/log-file-metric-exporter-rhel8@sha256:f94785be16f1a0ce3fc41a081dfd8925c51290ae9206a101bdb98a051209c69c_ppc64le |
| Red Hat | openshift-logging/elasticsearch-proxy-rhel8@sha256:d7575d0b9379fe3c69b0b8ea76bfd497dc2767acdd6f7c35550be08cc474fb29_ppc64le as a component of RHOL 5.5 for RHEL 8 | * |
| Red Hat | openshift-logging/cluster-logging-rhel8-operator@sha256:04d9b4e5635da41abb5abc5cab94ba8adc9ef974f0f2a8d0bd75aae8c4faf077_amd64 as a component of RHOL 5.5 for RHEL 8 | openshift-logging/cluster-logging-rhel8-operator@sha256:04d9b4e5635da41abb5abc5cab94ba8adc9ef974f0f2a8d0bd75aae8c4faf077_amd64 |
| Red Hat | openshift-logging/cluster-logging-rhel8-operator@sha256:7333f1d60445adac0776fa4362ac2c5212faafe26d15da1e5f9b8fd3908cdf74_s390x as a component of RHOL 5.5 for RHEL 8 | openshift-logging/cluster-logging-rhel8-operator@sha256:7333f1d60445adac0776fa4362ac2c5212faafe26d15da1e5f9b8fd3908cdf74_s390x |
| Red Hat | openshift-logging/elasticsearch-rhel8-operator@sha256:1f72b33596d3a4fa61843ecfa59b70f68042df7c7fb8f367ac7d1983d19877da_s390x as a component of RHOL 5.5 for RHEL 8 | openshift-logging/elasticsearch-rhel8-operator@sha256:1f72b33596d3a4fa61843ecfa59b70f68042df7c7fb8f367ac7d1983d19877da_s390x |
| Red Hat | openshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le as a component of RHOL 5.5 for RHEL 8 | * |
| Red Hat | openshift-logging/elasticsearch-rhel8-operator@sha256:6c2fce66b366d763f3a9c5242eba1604e19be44be45547748aab969d50559dec_ppc64le as a component of RHOL 5.5 for RHEL 8 | openshift-logging/elasticsearch-rhel8-operator@sha256:6c2fce66b366d763f3a9c5242eba1604e19be44be45547748aab969d50559dec_ppc64le |
| Red Hat | openshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le as a component of RHOL 5.5 for RHEL 8 | openshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le |
| Red Hat | openshift-logging/logging-view-plugin-rhel8@sha256:e6d7f327bdd8973037fdee50f91c12731ecb39c26dc20a164551e4396f56c218_arm64 as a component of RHOL 5.5 for RHEL 8 | openshift-logging/logging-view-plugin-rhel8@sha256:e6d7f327bdd8973037fdee50f91c12731ecb39c26dc20a164551e4396f56c218_arm64 |
| Red Hat | openshift-logging/elasticsearch-operator-bundle@sha256:f6af35418dc282c51902b462c03a6fe62d38d0ec83b9fd7c95cee754377b24af_amd64 as a component of RHOL 5.5 for RHEL 8 | openshift-logging/elasticsearch-operator-bundle@sha256:f6af35418dc282c51902b462c03a6fe62d38d0ec83b9fd7c95cee754377b24af_amd64 |
| Red Hat | openshift-logging/cluster-logging-operator-bundle@sha256:37b6ad91114effd11b2701ccb89955bc53e124f48f16c84ffa0762e650203074_amd64 as a component of RHOL 5.5 for RHEL 8 | * |
…and 106 more
Timeline
- Mar 8, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:0930 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2150323 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2161274 issue
- https://issues.redhat.com/browse/LOG-3630 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0930.json advisory
- https://access.redhat.com/security/cve/CVE-2022-24999 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-24999 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-24999 advisory
- https://github.com/expressjs/express/releases/tag/4.17.3 advisory
- https://github.com/ljharb/qs/pull/428 advisory
- https://github.com/n8tz/CVE-2022-24999 advisory
- https://access.redhat.com/security/cve/CVE-2022-41717 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-41717 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-41717 advisory
- https://go.dev/cl/455635 advisory
- https://go.dev/cl/455717 advisory
- https://go.dev/issue/56350 advisory
- https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ advisory
- https://pkg.go.dev/vuln/GO-2022-1144 advisory