7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.5%
A vulnerability in the parseQuery() function of the Webpack loader-utilss package is related to improperly controlled
modification of object characteristic attributes. Exploitation of the vulnerability could allow an attacker,
acting remotely, to execute arbitrary JavaScript code
Ansi-regex ANSI regular expression escape code comparison library vulnerability is related to
uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
remotely to cause a denial of service
Vulnerability of interpolateName() function via resourcePath variable of Webpack loader-utils package is related to
inefficient regular expression complexity. Exploitation of the vulnerability could allow an attacker,
acting remotely, to cause a denial of service
A vulnerability in the Tough-cookie package of the Node.js software platform is related to insufficient control over the modification of dynamically defined object characteristics.
modification of dynamically defined object characteristics. Exploitation of the vulnerability could allow
a remote attacker to execute arbitrary JavaScript code
Vulnerability of interpolateName() function of Webpack loader-utils package is related to inefficient complexity of regular expressions.
of regular expressions. Exploitation of the vulnerability could allow an attacker acting remotely to cause a
denial of service
A vulnerability in the decode-uri-component library is related to improper input validation. Exploitation
exploitation of this vulnerability could allow a remote attacker to cause a denial of service.
A vulnerability in the mapValues() function of the Async service module for handling asynchronous JavaScript is related to an
improperly controlled modification of object prototype attributes. Exploitation of the vulnerability could
allow an attacker acting remotely to escalate privileges
The JavaScript terser compression/compression toolkit vulnerability is related to the inefficient
regular expression complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
remotely to cause a denial of service
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | opensearch-dashboards | <= 2.13.0-1 | UNKNOWN |
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.5%