{
  "threat_severity" : "Important",
  "public_date" : "2023-06-22T00:00:00Z",
  "bugzilla" : {
    "description" : "word-wrap: ReDoS",
    "id" : "2216827",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2216827"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-1333",
  "details" : [ "All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.", "A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular Expression Denial of Service (ReDoS) issue in the result variable. By sending specially crafted input to the vulnerable regular expression, a remote attacker can cause a denial of service." ],
  "affected_release" : [ {
    "product_name" : "NETWORK-OBSERVABILITY-1.4.0-RHEL-9",
    "release_date" : "2023-09-28T00:00:00Z",
    "advisory" : "RHSA-2023:5379",
    "cpe" : "cpe:/a:redhat:network_observ_optr:1.4.0::el9",
    "package" : "network-observability/network-observability-console-plugin-rhel9:v1.4.0-42"
  }, {
    "product_name" : "NETWORK-OBSERVABILITY-1.4.0-RHEL-9",
    "release_date" : "2023-09-28T00:00:00Z",
    "advisory" : "RHSA-2023:5379",
    "cpe" : "cpe:/a:redhat:network_observ_optr:1.4.0::el9",
    "package" : "network-observability/network-observability-ebpf-agent-rhel9:v1.4.0-42"
  }, {
    "product_name" : "NETWORK-OBSERVABILITY-1.4.0-RHEL-9",
    "release_date" : "2023-09-28T00:00:00Z",
    "advisory" : "RHSA-2023:5379",
    "cpe" : "cpe:/a:redhat:network_observ_optr:1.4.0::el9",
    "package" : "network-observability/network-observability-flowlogs-pipeline-rhel9:v1.4.0-42"
  }, {
    "product_name" : "NETWORK-OBSERVABILITY-1.4.0-RHEL-9",
    "release_date" : "2023-09-28T00:00:00Z",
    "advisory" : "RHSA-2023:5379",
    "cpe" : "cpe:/a:redhat:network_observ_optr:1.4.0::el9",
    "package" : "network-observability/network-observability-operator-bundle:1.4.0-55"
  }, {
    "product_name" : "NETWORK-OBSERVABILITY-1.4.0-RHEL-9",
    "release_date" : "2023-09-28T00:00:00Z",
    "advisory" : "RHSA-2023:5379",
    "cpe" : "cpe:/a:redhat:network_observ_optr:1.4.0::el9",
    "package" : "network-observability/network-observability-rhel9-operator:v1.4.0-42"
  }, {
    "product_name" : "Red Hat Migration Toolkit for Containers 1.8",
    "release_date" : "2023-10-05T00:00:00Z",
    "advisory" : "RHSA-2023:5447",
    "cpe" : "cpe:/a:redhat:rhmt:1.8::el8",
    "package" : "rhmtc/openshift-migration-ui-rhel8:v1.8.0-7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.14",
    "release_date" : "2023-10-31T00:00:00Z",
    "advisory" : "RHSA-2023:5006",
    "cpe" : "cpe:/a:redhat:openshift:4.14::el8",
    "package" : "openshift4/ose-monitoring-plugin-rhel8:v4.14.0-202310201027.p0.g8757197.assembly.stream"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.14",
    "release_date" : "2023-12-12T00:00:00Z",
    "advisory" : "RHSA-2023:7681",
    "cpe" : "cpe:/a:redhat:openshift:4.14::el8",
    "package" : "openshift4/nmstate-console-plugin-rhel8:v4.14.0-202312011333.p0.g8dc4a62.assembly.stream"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.13",
    "release_date" : "2024-10-29T00:00:00Z",
    "advisory" : "RHSA-2024:8581",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.13::el8",
    "package" : "openshift-gitops-1/console-plugin-rhel8:v1.13.2-4"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.14",
    "release_date" : "2024-09-18T00:00:00Z",
    "advisory" : "RHEA-2024:6787",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.14::el8",
    "package" : "openshift-gitops-1/console-plugin-rhel8:v1.14.0-16"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.15",
    "release_date" : "2024-12-12T00:00:00Z",
    "advisory" : "RHEA-2024:11005",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8",
    "package" : "openshift-gitops-1/console-plugin-rhel8:v1.15.0-15"
  }, {
    "product_name" : "RHODF-4.13-RHEL-9",
    "release_date" : "2023-09-27T00:00:00Z",
    "advisory" : "RHSA-2023:5376",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.13::el9",
    "package" : "odf4/odf-console-rhel9:v4.13.3-1"
  }, {
    "product_name" : "RHOL-5.7-RHEL-8",
    "release_date" : "2023-07-12T00:00:00Z",
    "advisory" : "RHSA-2023:3998",
    "cpe" : "cpe:/a:redhat:logging:5.7::el8",
    "package" : "openshift-logging/logging-view-plugin-rhel8:v5.7.3-6"
  } ],
  "package_state" : [ {
    "product_name" : "A-MQ Interconnect 1",
    "fix_state" : "Not affected",
    "package_name" : "word-wrap",
    "cpe" : "cpe:/a:redhat:amq_interconnect:1"
  }, {
    "product_name" : "Cryostat 2",
    "fix_state" : "Not affected",
    "package_name" : "word-wrap",
    "cpe" : "cpe:/a:redhat:cryostat:2"
  }, {
    "product_name" : "Migration Toolkit for Applications 6",
    "fix_state" : "Affected",
    "package_name" : "mta/mta-ui-rhel8",
    "cpe" : "cpe:/a:redhat:migration_toolkit_applications:6"
  }, {
    "product_name" : "Migration Toolkit for Runtimes",
    "fix_state" : "Not affected",
    "package_name" : "org.jboss.windup-windup-parent",
    "cpe" : "cpe:/a:redhat:migration_toolkit_runtimes:1"
  }, {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Will not fix",
    "package_name" : "migration-toolkit-virtualization/mtv-ui-rhel8",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "OpenShift Pipelines",
    "fix_state" : "Out of support scope",
    "package_name" : "openshift-pipelines/pipelines-hub-ui-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_pipelines:1"
  }, {
    "product_name" : "OpenShift Service Mesh 2",
    "fix_state" : "Will not fix",
    "package_name" : "openshift-service-mesh/kiali-rhel8",
    "cpe" : "cpe:/a:redhat:service_mesh:2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2",
    "fix_state" : "Will not fix",
    "package_name" : "acm-cluster-templates-console-plugin-container",
    "cpe" : "cpe:/a:redhat:acm:2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2",
    "fix_state" : "Not affected",
    "package_name" : "rhacm2/console-rhel8",
    "cpe" : "cpe:/a:redhat:acm:2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2",
    "fix_state" : "Affected",
    "package_name" : "rhacm2/search-api-rhel8",
    "cpe" : "cpe:/a:redhat:acm:2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 3",
    "fix_state" : "Will not fix",
    "package_name" : "advanced-cluster-security/rhacs-main-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:3"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4",
    "fix_state" : "Will not fix",
    "package_name" : "advanced-cluster-security/rhacs-main-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4"
  }, {
    "product_name" : "Red Hat A-MQ Online",
    "fix_state" : "Not affected",
    "package_name" : "word-wrap",
    "cpe" : "cpe:/a:redhat:amq_online:1"
  }, {
    "product_name" : "Red Hat build of Apicurio Registry 2",
    "fix_state" : "Not affected",
    "package_name" : "word-wrap",
    "cpe" : "cpe:/a:redhat:service_registry:2"
  }, {
    "product_name" : "Red Hat build of OptaPlanner 8",
    "fix_state" : "Will not fix",
    "package_name" : "word-wrap",
    "cpe" : "cpe:/a:redhat:optaplanner:::el6"
  }, {
    "product_name" : "Red Hat Data Grid 8",
    "fix_state" : "Not affected",
    "package_name" : "word-wrap",
    "cpe" : "cpe:/a:redhat:jboss_data_grid:8"
  }, {
    "product_name" : "Red Hat Decision Manager 7",
    "fix_state" : "Out of support scope",
    "package_name" : "word-wrap",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
  }, {
    "product_name" : "Red Hat Discovery 1",
    "fix_state" : "Will not fix",
    "package_name" : "discovery-server-container",
    "cpe" : "cpe:/a:redhat:discovery:1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "cockpit",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "cockpit-appstream",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "cockpit-podman",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "grafana",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "pcs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Will not fix",
    "package_name" : "grafana",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "pcs",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Not affected",
    "package_name" : "word-wrap",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  }, {
    "product_name" : "Red Hat Integration Camel K 1",
    "fix_state" : "Not affected",
    "package_name" : "word-wrap",
    "cpe" : "cpe:/a:redhat:integration:1",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Will not fix",
    "package_name" : "openshift4/ose-console",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat Openshift Container Storage 4",
    "fix_state" : "Affected",
    "package_name" : "ocs4/mcg-core-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_container_storage:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Not affected",
    "package_name" : "odf4/mcg-core-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat OpenShift Data Science (RHODS)",
    "fix_state" : "Affected",
    "package_name" : "rhods/odh-dashboard-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_data_science"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces",
    "fix_state" : "Affected",
    "package_name" : "devspaces/dashboard-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3"
  }, {
    "product_name" : "Red Hat OpenShift GitOps",
    "fix_state" : "Affected",
    "package_name" : "openshift-gitops-1/argocd-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1"
  }, {
    "product_name" : "Red Hat OpenShift GitOps",
    "fix_state" : "Not affected",
    "package_name" : "openshift-gitops-1/argo-rollouts-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1"
  }, {
    "product_name" : "Red Hat OpenShift Virtualization 4",
    "fix_state" : "Affected",
    "package_name" : "container-native-virtualization/kubevirt-console-plugin",
    "cpe" : "cpe:/a:redhat:container_native_virtualization:4"
  }, {
    "product_name" : "Red Hat OpenShift Virtualization 4",
    "fix_state" : "Affected",
    "package_name" : "container-native-virtualization/kubevirt-console-plugin-rhel9",
    "cpe" : "cpe:/a:redhat:container_native_virtualization:4"
  }, {
    "product_name" : "Red Hat Process Automation 7",
    "fix_state" : "Out of support scope",
    "package_name" : "word-wrap",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
  }, {
    "product_name" : "Red Hat Quay 3",
    "fix_state" : "Will not fix",
    "package_name" : "quay/quay-rhel8",
    "cpe" : "cpe:/a:redhat:quay:3"
  }, {
    "product_name" : "Red Hat Single Sign-On 7",
    "fix_state" : "Not affected",
    "package_name" : "word-wrap",
    "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-26115\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-26115" ],
  "name" : "CVE-2023-26115",
  "csaw" : false
}