A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc <= 2.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Redhat
  • Advanced Cluster Security
  • Openshift Gitops
Redocly
  • Redoc

Configuration 1 [-]

cpe:2.3:a:redocly:redoc:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Advanced Cluster Security 4.5
advanced-cluster-security/rhacs-central-db-rhel8:4.5.9-1 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:3928 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-collector-rhel8:4.5.9-1 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:3928 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-collector-slim-rhel8:4.5.9-1 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:3928 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:4.5.9-1 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:3928 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-operator-bundle:4.5.9-1 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:3928 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-rhel8-operator:4.5.9-1 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:3928 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-roxctl-rhel8:4.5.9-1 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:3928 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:4.5.9-1 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:3928 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.5.9-1 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:3928 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-scanner-rhel8:4.5.9-1 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:3928 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-scanner-slim-rhel8:4.5.9-1 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:3928 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-scanner-v4-db-rhel8:4.5.9-1 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:3928 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-scanner-v4-rhel8:4.5.9-1 cpe:/a:redhat:advanced_cluster_security:4.5::el8 RHSA-2025:3928 2025-04-15T00:00:00Z
Red Hat Advanced Cluster Security 4.6
advanced-cluster-security/rhacs-central-db-rhel8:4.6.5-1 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:3929 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-collector-rhel8:4.6.5-1 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:3929 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-collector-slim-rhel8:4.6.5-1 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:3929 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:4.6.5-1 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:3929 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-operator-bundle:4.6.5-1 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:3929 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-rhel8-operator:4.6.5-1 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:3929 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-roxctl-rhel8:4.6.5-1 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:3929 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:4.6.5-1 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:3929 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.6.5-1 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:3929 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-scanner-rhel8:4.6.5-1 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:3929 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-scanner-slim-rhel8:4.6.5-1 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:3929 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-scanner-v4-db-rhel8:4.6.5-1 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:3929 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-scanner-v4-rhel8:4.6.5-1 cpe:/a:redhat:advanced_cluster_security:4.6::el8 RHSA-2025:3929 2025-04-15T00:00:00Z
Red Hat Advanced Cluster Security 4.7
advanced-cluster-security/rhacs-central-db-rhel8:4.7.2-2 cpe:/a:redhat:advanced_cluster_security:4.7::el8 RHSA-2025:3930 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-collector-rhel8:4.7.2-2 cpe:/a:redhat:advanced_cluster_security:4.7::el8 RHSA-2025:3930 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:4.7.2-3 cpe:/a:redhat:advanced_cluster_security:4.7::el8 RHSA-2025:3930 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-operator-bundle:4.7.2-4 cpe:/a:redhat:advanced_cluster_security:4.7::el8 RHSA-2025:3930 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-rhel8-operator:4.7.2-1 cpe:/a:redhat:advanced_cluster_security:4.7::el8 RHSA-2025:3930 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-roxctl-rhel8:4.7.2-1 cpe:/a:redhat:advanced_cluster_security:4.7::el8 RHSA-2025:3930 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:4.7.2-1 cpe:/a:redhat:advanced_cluster_security:4.7::el8 RHSA-2025:3930 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.7.2-1 cpe:/a:redhat:advanced_cluster_security:4.7::el8 RHSA-2025:3930 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-scanner-rhel8:4.7.2-2 cpe:/a:redhat:advanced_cluster_security:4.7::el8 RHSA-2025:3930 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-scanner-slim-rhel8:4.7.2-1 cpe:/a:redhat:advanced_cluster_security:4.7::el8 RHSA-2025:3930 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-scanner-v4-db-rhel8:4.7.2-1 cpe:/a:redhat:advanced_cluster_security:4.7::el8 RHSA-2025:3930 2025-04-15T00:00:00Z
advanced-cluster-security/rhacs-scanner-v4-rhel8:4.7.2-3 cpe:/a:redhat:advanced_cluster_security:4.7::el8 RHSA-2025:3930 2025-04-15T00:00:00Z
Red Hat OpenShift GitOps 1.14
openshift-gitops-1/argocd-rhel8:v1.14.4-1 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:8274 2025-05-28T00:00:00Z
openshift-gitops-1/argocd-rhel9:v1.14.4-1 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:8274 2025-05-28T00:00:00Z
openshift-gitops-1/argo-rollouts-rhel8:v1.14.4-1 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:8274 2025-05-28T00:00:00Z
openshift-gitops-1/console-plugin-rhel8:v1.14.4-1 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:8274 2025-05-28T00:00:00Z
openshift-gitops-1/dex-rhel8:v1.14.4-1 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:8274 2025-05-28T00:00:00Z
openshift-gitops-1/gitops-operator-bundle:v1.14.4-1 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:8274 2025-05-28T00:00:00Z
openshift-gitops-1/gitops-rhel8:v1.14.4-1 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:8274 2025-05-28T00:00:00Z
openshift-gitops-1/gitops-rhel8-operator:v1.14.4-1 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:8274 2025-05-28T00:00:00Z
openshift-gitops-1/kam-delivery-rhel8:v1.14.4-1 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:8274 2025-05-28T00:00:00Z
openshift-gitops-1/must-gather-rhel8:v1.14.4-1 cpe:/a:redhat:openshift_gitops:1.14::el8 RHSA-2025:8274 2025-05-28T00:00:00Z
Red Hat OpenShift GitOps 1.15
openshift-gitops-1/argocd-extensions-rhel8:v1.15.2-4 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:7753 2025-05-15T00:00:00Z
openshift-gitops-1/argocd-rhel8:v1.15.2-4 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:7753 2025-05-15T00:00:00Z
openshift-gitops-1/argocd-rhel9:v1.15.2-1 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:7753 2025-05-15T00:00:00Z
openshift-gitops-1/argo-rollouts-rhel8:v1.15.2-4 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:7753 2025-05-15T00:00:00Z
openshift-gitops-1/console-plugin-rhel8:v1.15.2-4 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:7753 2025-05-15T00:00:00Z
openshift-gitops-1/dex-rhel8:v1.15.2-4 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:7753 2025-05-15T00:00:00Z
openshift-gitops-1/gitops-operator-bundle:v1.15.2-4 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:7753 2025-05-15T00:00:00Z
openshift-gitops-1/gitops-rhel8:v1.15.2-4 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:7753 2025-05-15T00:00:00Z
openshift-gitops-1/gitops-rhel8-operator:v1.15.2-4 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:7753 2025-05-15T00:00:00Z
openshift-gitops-1/must-gather-rhel8:v1.15.2-4 cpe:/a:redhat:openshift_gitops:1.15::el8 RHSA-2025:7753 2025-05-15T00:00:00Z
References
Link Providers
https://github.com/Redocly/redoc/issues/2499 cve-icon cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-57083 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-57083 cve-icon
History

Thu, 29 May 2025 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:openshift_gitops:1.14::el8

Fri, 16 May 2025 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Gitops
CPEs cpe:/a:redhat:openshift_gitops:1.15::el8
Vendors & Products Redhat openshift Gitops

Wed, 16 Apr 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat advanced Cluster Security
CPEs cpe:/a:redhat:advanced_cluster_security:4.5::el8
cpe:/a:redhat:advanced_cluster_security:4.6::el8
cpe:/a:redhat:advanced_cluster_security:4.7::el8
Vendors & Products Redhat
Redhat advanced Cluster Security

Mon, 14 Apr 2025 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Redocly
Redocly redoc
CPEs cpe:2.3:a:redocly:redoc:*:*:*:*:*:*:*:*
Vendors & Products Redocly
Redocly redoc

Wed, 02 Apr 2025 02:00:00 +0000

Type Values Removed Values Added
Title redoc: Prototype Pollution in redoc
References
Metrics threat_severity

None

 threat_severity

Important

Tue, 01 Apr 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1321
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 28 Mar 2025 20:45:00 +0000

Type Values Removed Values Added
Description A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc <= 2.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
References
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-03-28T00:00:00.000Z

Updated: 2025-04-01T19:13:06.925Z

Reserved: 2025-01-09T00:00:00.000Z

Link: CVE-2024-57083

cve-icon Vulnrichment

Updated: 2025-04-01T19:12:43.967Z

cve-icon NVD

Status : Analyzed

Published: 2025-03-28T21:15:17.307

Modified: 2025-04-14T17:02:15.813

Link: CVE-2024-57083

cve-icon Redhat

Severity : Important

Publid Date: 2025-03-28T00:00:00Z

Links: CVE-2024-57083 - Bugzilla