10 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-25887
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic ...
Security Bulletin: Denial of Service vulnerability affects IBM Business Automation Workflow - CVE-2022-25887
Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2022-25887 DESCRIPTION: Node.js sanitize-html module is vulnerable to a denial of service, caused by insecure global regular expression replacement logic of HTML comment removal. ...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboards may be vulnerable to denial of service due to CVE-2022-25887
Summary Node.js module sanitize-html is used internally by IBM App Connect Enterprise Certified Container for parsing error messages. IBM App Connect Enterprise Certified Container Dashboards may be vulnerable to denial of service when processing error messages. This bulletin provides patch...
Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.2 security update and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.6.2 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js. Vulnerability Details CVEID:CVE-2022-25887 DESCRIPTION: Node.js sanitize-html module is vulnerable to a denial of service, caused by insecure global regular expression replacement logic of HTML comme...
08cms (=1.0.0), 10secondsofcode-custom (=1.0.0) +6405 more potentially affected by CVE-2022-25887 via sanitize-html (>=0.1.4 <=2.7.0)
sanitize-html NPM version =0.1.4, =1.0.0, =0.15.4, =4.11.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =0.0.74, =0.0.14, =0.0.1, =0.0.1, =0.6.0, =3.0.19, =3.0.25 and more Source cves: CVE-2022-25887 Source advisory: OSV:GHSA-CGFM-XWP7-2CVR...
CVE-2022-25887
The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...
CVE-2022-25887
The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...
CVE-2022-25887 Regular Expression Denial of Service (ReDoS)
The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...
CVE-2022-25887
CVE-2022-25887 affects the Node.js package Sanitize-html up to version 2.7.1, vulnerable to a Regular Expression Denial of Service (ReDoS) caused by insecure global regex replacement during HTML comment removal. The NVD entry reports a CVSS v3.1 base score of 7.5 (high impact) with network attack...