path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.
Weakness
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Discovery 1 for RHEL 9 | RedHat | discovery/discovery-server-rhel9:1.12.0-1 | * |
| Discovery 1 for RHEL 9 | RedHat | discovery/discovery-ui-rhel9:1.12.0-1 | * |
| HawtIO 4.0.0 for Red Hat build of Apache Camel 4 | RedHat | path-to-regexp | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 8 | RedHat | multicluster-engine/assisted-image-service-rhel8:v2.6.4-4 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 8 | RedHat | multicluster-engine/assisted-installer-agent-rhel8:v2.6.4-7 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 8 | RedHat | multicluster-engine/assisted-installer-controller-rhel8:v2.6.4-6 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 8 | RedHat | multicluster-engine/assisted-installer-rhel8:v2.6.4-7 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 8 | RedHat | multicluster-engine/assisted-service-8-rhel8:v2.6.4-11 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/addon-manager-rhel9:v2.6.4-14 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/assisted-service-9-rhel9:v2.6.4-11 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/backplane-rhel9-operator:v2.6.4-21 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/cluster-api-provider-agent-rhel9:v2.6.4-6 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/cluster-api-provider-kubevirt-rhel9:v2.6.4-4 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/cluster-api-rhel9:v2.6.4-4 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/clusterclaims-controller-rhel9:v2.6.4-6 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/cluster-curator-controller-rhel9:v2.6.4-6 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/cluster-image-set-controller-rhel9:v2.6.4-6 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/clusterlifecycle-state-metrics-rhel9:v2.6.4-7 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/cluster-proxy-addon-rhel9:v2.6.4-6 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/cluster-proxy-rhel9:v2.6.4-5 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/console-mce-rhel9:v2.6.4-19 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/discovery-rhel9:v2.6.4-14 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/hive-rhel9:v2.6.4-6 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/hypershift-addon-rhel9-operator:v2.6.4-6 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/hypershift-cli-rhel9:v2.6.4-24 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/hypershift-rhel9-operator:v2.6.4-23 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/image-based-install-rhel9:v2.6.4-65 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/kube-rbac-proxy-mce-rhel9:v2.6.4-3 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/managedcluster-import-controller-rhel9:v2.6.4-8 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/managed-serviceaccount-rhel9:v2.6.4-14 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/mce-operator-bundle:v2.6.4-47 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/multicloud-manager-rhel9:v2.6.4-6 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/must-gather-rhel9:v2.6.4-18 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/placement-rhel9:v2.6.4-14 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/provider-credential-controller-rhel9:v2.6.4-6 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/registration-operator-rhel9:v2.6.4-14 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/registration-rhel9:v2.6.4-14 | * |
| Multicluster engine for Kubernetes 2.6 for RHEL 9 | RedHat | multicluster-engine/work-rhel9:v2.6.4-14 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 8 | RedHat | multicluster-engine/assisted-service-8-rhel8:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/addon-manager-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/assisted-image-service-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/assisted-installer-agent-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/assisted-installer-controller-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/assisted-installer-rhel9:v2.7.2-2 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/assisted-service-9-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/backplane-rhel9-operator:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/cluster-api-provider-agent-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/cluster-api-provider-kubevirt-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/cluster-api-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/clusterclaims-controller-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/cluster-curator-controller-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/cluster-image-set-controller-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/clusterlifecycle-state-metrics-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/cluster-proxy-addon-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/cluster-proxy-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/console-mce-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/discovery-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/hive-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/hypershift-addon-rhel9-operator:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/hypershift-cli-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/hypershift-rhel9-operator:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/image-based-install-rhel9:v2.7.2-3 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/kube-rbac-proxy-mce-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/managedcluster-import-controller-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/managed-serviceaccount-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/mce-operator-bundle:v2.7.2-3 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/multicloud-manager-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/must-gather-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/placement-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/provider-credential-controller-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/registration-operator-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/registration-rhel9:v2.7.2-1 | * |
| Multicluster engine for Kubernetes 2.7 for RHEL 9 | RedHat | multicluster-engine/work-rhel9:v2.7.2-1 | * |
| NETWORK-OBSERVABILITY-1.7.0-RHEL-9 | RedHat | network-observability/network-observability-cli-rhel9:v1.7.0-67 | * |
| NETWORK-OBSERVABILITY-1.7.0-RHEL-9 | RedHat | network-observability/network-observability-console-plugin-rhel9:v1.7.0-67 | * |
| NETWORK-OBSERVABILITY-1.7.0-RHEL-9 | RedHat | network-observability/network-observability-ebpf-agent-rhel9:v1.7.0-67 | * |
| NETWORK-OBSERVABILITY-1.7.0-RHEL-9 | RedHat | network-observability/network-observability-flowlogs-pipeline-rhel9:v1.7.0-67 | * |
| NETWORK-OBSERVABILITY-1.7.0-RHEL-9 | RedHat | network-observability/network-observability-operator-bundle:1.7.0-86 | * |
| NETWORK-OBSERVABILITY-1.7.0-RHEL-9 | RedHat | network-observability/network-observability-rhel9-operator:v1.7.0-67 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/acm-cluster-permission-rhel9:v2.11.4-4 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/acm-governance-policy-addon-controller-rhel9:v2.11.4-12 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/acm-governance-policy-framework-addon-rhel9:v2.11.4-13 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/acm-grafana-rhel9:v2.11.4-4 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/acm-must-gather-rhel9:v2.11.4-12 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/acm-operator-bundle:v2.11.4-47 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/acm-prometheus-config-reloader-rhel9:v2.11.4-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/acm-prometheus-rhel9:v2.11.4-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/acm-search-indexer-rhel9:v2.11.4-10 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/acm-search-v2-api-rhel9:v2.11.4-12 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/acm-search-v2-rhel9:v2.11.4-11 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/acm-volsync-addon-controller-rhel9:v2.11.4-22 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/cert-policy-controller-rhel9:v2.11.4-12 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/cluster-backup-rhel9-operator:v2.11.4-25 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/config-policy-controller-rhel9:v2.11.4-15 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/console-rhel9:v2.11.4-17 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/endpoint-monitoring-rhel9-operator:v2.11.4-6 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/governance-policy-propagator-rhel9:v2.11.4-13 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/grafana-dashboard-loader-rhel9:v2.11.4-6 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/insights-client-rhel9:v2.11.4-10 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/insights-metrics-rhel9:v2.11.4-11 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/klusterlet-addon-controller-rhel9:v2.11.4-6 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/kube-rbac-proxy-rhel9:v2.11.4-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/kube-state-metrics-rhel9:v2.11.4-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/memcached-exporter-rhel9:v2.11.4-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/memcached-rhel9:v2.11.4-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/metrics-collector-rhel9:v2.11.4-6 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/multicloud-integrations-rhel9:v2.11.4-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/multiclusterhub-rhel9:v2.11.4-16 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/multicluster-observability-rhel9-operator:v2.11.4-6 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/multicluster-operators-application-rhel9:v2.11.4-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/multicluster-operators-channel-rhel9:v2.11.4-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/multicluster-operators-subscription-rhel9:v2.11.4-5 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/node-exporter-rhel9:v2.11.4-4 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/observatorium-rhel9:v2.11.4-5 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/observatorium-rhel9-operator:v2.11.4-6 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/prometheus-alertmanager-rhel9:v2.11.4-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/prometheus-rhel9:v2.11.4-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/rbac-query-proxy-rhel9:v2.11.4-6 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/search-collector-rhel9:v2.11.4-10 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/submariner-addon-rhel9:v2.11.4-17 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/thanos-receive-controller-rhel9:v2.11.4-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9 | RedHat | rhacm2/thanos-rhel9:v2.11.4-5 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/acm-cli-rhel9:v2.12.1-4 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/acm-cluster-permission-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/acm-governance-policy-addon-controller-rhel9:v2.12.1-4 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/acm-governance-policy-framework-addon-rhel9:v2.12.1-4 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/acm-grafana-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/acm-multicluster-observability-addon-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/acm-must-gather-rhel9:v2.12.1-5 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/acm-operator-bundle:v2.12.1-10 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/acm-prometheus-config-reloader-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/acm-prometheus-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/acm-search-indexer-rhel9:v2.12.1-4 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/acm-search-v2-api-rhel9:v2.12.1-4 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/acm-search-v2-rhel9:v2.12.1-4 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/acm-siteconfig-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/acm-volsync-addon-controller-rhel9:v2.12.1-4 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/cert-policy-controller-rhel9:v2.12.1-4 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/cluster-backup-rhel9-operator:v2.12.1-4 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/config-policy-controller-rhel9:v2.12.1-4 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/console-rhel9:v2.12.1-8 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/endpoint-monitoring-rhel9-operator:v2.12.1-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/governance-policy-propagator-rhel9:v2.12.1-4 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/grafana-dashboard-loader-rhel9:v2.12.1-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/insights-client-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/insights-metrics-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/klusterlet-addon-controller-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/kube-rbac-proxy-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/kube-state-metrics-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/memcached-exporter-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/memcached-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/metrics-collector-rhel9:v2.12.1-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/multicloud-integrations-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/multiclusterhub-rhel9:v2.12.1-4 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/multicluster-observability-rhel9-operator:v2.12.1-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/multicluster-operators-application-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/multicluster-operators-channel-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/multicluster-operators-subscription-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/node-exporter-rhel9:v2.12.1-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/observatorium-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/observatorium-rhel9-operator:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/prometheus-alertmanager-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/prometheus-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/rbac-query-proxy-rhel9:v2.12.1-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/search-collector-rhel9:v2.12.1-3 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/submariner-addon-rhel9:v2.12.1-5 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/thanos-receive-controller-rhel9:v2.12.1-2 | * |
| Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9 | RedHat | rhacm2/thanos-rhel9:v2.12.1-2 | * |
| Red Hat Ansible Automation Platform 2.4 for RHEL 8 | RedHat | automation-controller-0:4.5.13-1.el8ap | * |
| Red Hat Ansible Automation Platform 2.4 for RHEL 9 | RedHat | automation-controller-0:4.5.13-1.el9ap | * |
| Red Hat Migration Toolkit for Containers 1.8 | RedHat | rhmtc/openshift-migration-ui-rhel8:v1.8.5-7 | * |
| Red Hat OpenShift Container Platform 4.16 | RedHat | openshift4/ose-monitoring-plugin-rhel9:v4.16.0-202410021704.p0.g6a049e3.assembly.stream.el9 | * |
| Red Hat OpenShift Container Platform 4.17 | RedHat | openshift4/ose-monitoring-plugin-rhel9:v4.17.0-202410091535.p0.gc7bc7fc.assembly.stream.el9 | * |
| Red Hat OpenShift Container Platform 4.17 | RedHat | openshift4/nmstate-console-plugin-rhel9:v4.17.0-202501301204.p0.gcffdc60.assembly.stream.el9 | * |
| Red Hat OpenShift Dev Spaces 3 Containers | RedHat | devspaces/dashboard-rhel8:3.17-25 | * |
| Red Hat OpenShift GitOps 1.13 | RedHat | openshift-gitops-1/argocd-rhel8:v1.13.2-4 | * |
| Red Hat OpenShift GitOps 1.13 | RedHat | openshift-gitops-1/argo-rollouts-rhel8:v1.13.2-4 | * |
| Red Hat OpenShift GitOps 1.13 | RedHat | openshift-gitops-1/console-plugin-rhel8:v1.13.2-4 | * |
| Red Hat OpenShift GitOps 1.13 | RedHat | openshift-gitops-1/dex-rhel8:v1.13.2-4 | * |
| Red Hat OpenShift GitOps 1.13 | RedHat | openshift-gitops-1/gitops-operator-bundle:v1.13.2-4 | * |
| Red Hat OpenShift GitOps 1.13 | RedHat | openshift-gitops-1/gitops-rhel8:v1.13.2-4 | * |
| Red Hat OpenShift GitOps 1.13 | RedHat | openshift-gitops-1/gitops-rhel8-operator:v1.13.2-4 | * |
| Red Hat OpenShift GitOps 1.13 | RedHat | openshift-gitops-1/kam-delivery-rhel8:v1.13.2-4 | * |
| Red Hat OpenShift GitOps 1.13 | RedHat | openshift-gitops-1/must-gather-rhel8:v1.13.2-4 | * |
| Red Hat OpenShift GitOps 1.13 | RedHat | openshift-gitops-argocd-rhel9-container-v1.13.2-5 | * |
| Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | RedHat | openshift-service-mesh/grafana-rhel8:2.6.2-3 | * |
| Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | RedHat | openshift-service-mesh/istio-cni-rhel8:2.6.2-5 | * |
| Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | RedHat | openshift-service-mesh/istio-must-gather-rhel8:2.6.2-4 | * |
| Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | RedHat | openshift-service-mesh/istio-rhel8-operator:2.6.2-5 | * |
| Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | RedHat | openshift-service-mesh/kiali-ossmc-rhel8:1.89.2-3 | * |
| Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | RedHat | openshift-service-mesh/kiali-rhel8:1.89.4-3 | * |
| Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | RedHat | openshift-service-mesh/kiali-rhel8-operator:1.89.6-1 | * |
| Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | RedHat | openshift-service-mesh/pilot-rhel8:2.6.2-5 | * |
| Red Hat OpenShift Service Mesh 2.6 for RHEL 8 | RedHat | openshift-service-mesh/ratelimit-rhel8:2.6.2-3 | * |
| Red Hat OpenShift Service Mesh 2.6 for RHEL 9 | RedHat | openshift-service-mesh/proxyv2-rhel9:2.6.2-7 | * |
| RHODF-4.14-RHEL-9 | RedHat | odf4/odf-console-rhel9:v4.14.13-3 | * |
| RHODF-4.15-RHEL-9 | RedHat | odf4/odf-console-rhel9:v4.15.9-1 | * |
| RHODF-4.16-RHEL-9 | RedHat | odf4/ocs-client-console-rhel9:v4.16.5-2 | * |
| RHODF-4.16-RHEL-9 | RedHat | odf4/odf-console-rhel9:v4.16.5-2 | * |
| RHODF-4.16-RHEL-9 | RedHat | odf4/odf-multicluster-console-rhel9:v4.16.5-2 | * |
| RHODF-4.17-RHEL-9 | RedHat | odf4/mcg-core-rhel9:v4.17.0-69 | * |
| RHODF-4.17-RHEL-9 | RedHat | odf4/ocs-client-console-rhel9:v4.17.0-53 | * |
| RHODF-4.17-RHEL-9 | RedHat | odf4/odf-console-rhel9:v4.17.0-53 | * |
| RHODF-4.17-RHEL-9 | RedHat | odf4/odf-multicluster-console-rhel9:v4.17.0-53 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/cluster-logging-operator-bundle:v5.9.7-11 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/cluster-logging-rhel9-operator:v5.9.7-6 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/eventrouter-rhel9:v0.4.0-301 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/fluentd-rhel9:v5.9.7-3 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-282 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/logging-loki-rhel9:v3.1.1-10 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/logging-view-plugin-rhel9:v5.9.7-5 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/loki-operator-bundle:v5.9.7-16 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/loki-rhel9-operator:v5.9.7-7 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/lokistack-gateway-rhel9:v0.1.0-653 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/opa-openshift-rhel9:v0.1.0-288 | * |
| RHOL-5.9-RHEL-9 | RedHat | openshift-logging/vector-rhel9:v0.34.1-19 | * |
| RHOSS-1.35-RHEL-8 | RedHat | openshift-serverless-1/logic-data-index-ephemeral-rhel8:1.35.0-5 | * |
| RHOSS-1.35-RHEL-8 | RedHat | openshift-serverless-1/logic-data-index-postgresql-rhel8:1.35.0-5 | * |
| RHOSS-1.35-RHEL-8 | RedHat | openshift-serverless-1/logic-jobs-service-ephemeral-rhel8:1.35.0-5 | * |
| RHOSS-1.35-RHEL-8 | RedHat | openshift-serverless-1/logic-jobs-service-postgresql-rhel8:1.35.0-6 | * |
| RHOSS-1.35-RHEL-8 | RedHat | openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8:1.35.0-2 | * |
| RHOSS-1.35-RHEL-8 | RedHat | openshift-serverless-1/logic-management-console-rhel8:1.35.0-5 | * |
| RHOSS-1.35-RHEL-8 | RedHat | openshift-serverless-1/logic-operator-bundle:1.35.0-5 | * |
| RHOSS-1.35-RHEL-8 | RedHat | openshift-serverless-1/logic-rhel8-operator:1.35.0-6 | * |
| RHOSS-1.35-RHEL-8 | RedHat | openshift-serverless-1/logic-swf-builder-rhel8:1.35.0-6 | * |
| RHOSS-1.35-RHEL-8 | RedHat | openshift-serverless-1/logic-swf-devmode-rhel8:1.35.0-6 | * |
| Red Hat Developer Hub (RHDH) 1.4 | RedHat | rhdh/rhdh-hub-rhel9:sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3 | * |
| Red Hat OpenShift AI 2.16 | RedHat | rhoai/odh-dashboard-rhel8:sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee | * |
| Red Hat OpenShift AI 2.16 | RedHat | rhoai/odh-dashboard-rhel8:sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee | * |
| Red Hat OpenShift distributed tracing 3.4 | RedHat | rhosdt/jaeger-query-rhel8:sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994 | * |
| Red Hat OpenShift distributed tracing 3.4 | RedHat | rhosdt/jaeger-query-rhel8:sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749 | * |
| Red Hat Trusted Profile Analyzer 1.2 | RedHat | rhtpa/rhtpa-trustification-service-rhel9:sha256:c1a20911cb6cc59707f517f6203c2f8cb26644ee25dd0ed967393c5f57194464 | * |
| Red Hat Trusted Profile Analyzer 1.2 | RedHat | rhtpa/rhtpa-guac-rhel9:sha256:6911d51ce44779ef1a5f3428486698d19779da9316d799e0968047f01cef37f7 | * |
| Node-express | Ubuntu | plucky | * |
| Node-path-to-regexp | Ubuntu | focal | * |
| Node-path-to-regexp | Ubuntu | oracular | * |
| Node-path-to-regexp | Ubuntu | plucky | * |
Extended Description
Attackers can create crafted inputs that
intentionally cause the regular expression to use
excessive backtracking in a way that causes the CPU
consumption to spike.
Potential Mitigations
Related Attack Patterns
References
- https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f
- https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6
- https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j
- https://security.netapp.com/advisory/ntap-20250124-0001/