This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
Weakness
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Http-cache-semantics | Http-cache-semantics_project | * | 4.1.1 (excluding) |
| Multicluster engine for Kubernetes 2.2 for RHEL 8 | RedHat | multicluster-engine/console-mce-rhel8:v2.2.3-13 | * |
| Multicluster engine for Kubernetes 2.2 for RHEL 8 | RedHat | multicluster-engine/multicluster-engine-console-mce-rhel8:v2.2.3-13 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8 | RedHat | rhacm2/acm-search-v2-api-rhel8:v2.7.3-5 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.7 for RHEL 8 | RedHat | rhacm2/console-rhel8:v2.7.3-16 | * |
| Red Hat Enterprise Linux 8 | RedHat | nodejs:16-8070020230314140722.bd1311ed | * |
| Red Hat Enterprise Linux 8 | RedHat | nodejs:18-8070020230322080930.bd1311ed | * |
| Red Hat Enterprise Linux 8 | RedHat | nodejs:14-8070020230306170042.bd1311ed | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support | RedHat | nodejs:14-8040020230306170312.522a0ee4 | * |
| Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | nodejs:14-8060020230306170237.ad008a3a | * |
| Red Hat Enterprise Linux 9 | RedHat | nodejs:18-9020020230327152102.rhel9 | * |
| Red Hat Enterprise Linux 9 | RedHat | nodejs-1:16.19.1-1.el9_2 | * |
| Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | nodejs-1:16.20.2-1.el9_0 | * |
| Red Hat Migration Toolkit for Containers 1.7 | RedHat | rhmtc/openshift-migration-ui-rhel8:v1.7.8-5 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-nodejs14-0:3.6-2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-nodejs14-nodejs-0:14.21.3-2.el7 | * |
| RHINT Service Registry 2.4.3 GA | RedHat | http-cache-semantics | * |
Extended Description
Attackers can create crafted inputs that
intentionally cause the regular expression to use
excessive backtracking in a way that causes the CPU
consumption to spike.
Potential Mitigations
Related Attack Patterns
References
- https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83
- https://security.netapp.com/advisory/ntap-20230622-0008/
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332
- https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783
- https://github.com/kornelski/http-cache-semantics/blob/master/index.js%23L83
- https://security.netapp.com/advisory/ntap-20230622-0008/
- https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-3253332
- https://security.snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783