{
  "threat_severity" : "Moderate",
  "public_date" : "2021-11-02T00:00:00Z",
  "bugzilla" : {
    "description" : "validator: Inefficient Regular Expression Complexity in Validator.js",
    "id" : "2126299",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2126299"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-1333",
  "details" : [ "validator.js is vulnerable to Inefficient Regular Expression Complexity", "A vulnerability was found in the validator package. Affected versions of this package are vulnerable to Regular expression denial of service (ReDoS) attacks, affecting system availability." ],
  "affected_release" : [ {
    "product_name" : "RHODF-4.12-RHEL-8",
    "release_date" : "2023-12-14T00:00:00Z",
    "advisory" : "RHSA-2023:7820",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.12::el8",
    "package" : "odf4/mcg-core-rhel8:v4.12.10-2"
  }, {
    "product_name" : "RHODF-4.13-RHEL-9",
    "release_date" : "2023-06-21T00:00:00Z",
    "advisory" : "RHSA-2023:3742",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.13::el9",
    "package" : "odf4/mcg-core-rhel9:v4.13.0-41"
  } ],
  "package_state" : [ {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Fix deferred",
    "package_name" : "migration-toolkit-virtualization/mtv-ui-rhel8",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2",
    "fix_state" : "Not affected",
    "package_name" : "rhacm2/console-rhel8",
    "cpe" : "cpe:/a:redhat:acm:2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2",
    "fix_state" : "Will not fix",
    "package_name" : "rhacm2/grc-ui-rhel8",
    "cpe" : "cpe:/a:redhat:acm:2"
  }, {
    "product_name" : "Red Hat Decision Manager 7",
    "fix_state" : "Out of support scope",
    "package_name" : "validator",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "pcs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Will not fix",
    "package_name" : "openshift4/ose-console",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat Openshift Container Storage 4",
    "fix_state" : "Affected",
    "package_name" : "ocs4/mcg-core-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_container_storage:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Affected",
    "package_name" : "noobaa-core-container",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Will not fix",
    "package_name" : "odf4/odf-console-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Will not fix",
    "package_name" : "odf4/odf-multicluster-console-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Process Automation 7",
    "fix_state" : "Out of support scope",
    "package_name" : "validator",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-3765\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3765\nhttps://huntr.dev/bounties/c37e975c-21a3-4c5f-9b57-04d63b28cfc9" ],
  "name" : "CVE-2021-3765",
  "csaw" : false
}