Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-28491 (GCVE-0-2020-28491)
Vulnerability from cvelistv5 – Published: 2021-02-18 15:50 – Updated: 2024-09-16 20:16
VLAI
EPSS
Title
Denial of Service (DoS)
Summary
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
Severity
7.5 (High)
CWE
- Denial of Service (DoS)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSO… | x_refsource_MISC |
| https://github.com/FasterXML/jackson-dataformats-… | x_refsource_MISC |
| https://github.com/FasterXML/jackson-dataformats-… | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | com.fasterxml.jackson.dataformat:jackson-dataformat-cbor |
Affected:
0 , < unspecified
(custom)
Affected: unspecified , < 2.11.4 (custom) Affected: 2.12.0-rc1 , < unspecified (custom) Affected: unspecified , < 2.12.1 (custom) |
Date Public
2021-02-18 00:00
Credits
cowtowncoder
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:58.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "com.fasterxml.jackson.dataformat:jackson-dataformat-cbor",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.11.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.12.0-rc1",
"versionType": "custom"
},
{
"lessThan": "2.12.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "cowtowncoder"
}
],
"datePublic": "2021-02-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:17:12.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "Denial of Service (DoS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-02-18T15:46:36.779241Z",
"ID": "CVE-2020-28491",
"STATE": "PUBLIC",
"TITLE": "Denial of Service (DoS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "com.fasterxml.jackson.dataformat:jackson-dataformat-cbor",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "0"
},
{
"version_affected": "\u003c",
"version_value": "2.11.4"
},
{
"version_affected": "\u003e=",
"version_value": "2.12.0-rc1"
},
{
"version_affected": "\u003c",
"version_value": "2.12.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "cowtowncoder"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
},
{
"name": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186",
"refsource": "MISC",
"url": "https://github.com/FasterXML/jackson-dataformats-binary/issues/186"
},
{
"name": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6",
"refsource": "MISC",
"url": "https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-28491",
"datePublished": "2021-02-18T15:50:15.260Z",
"dateReserved": "2020-11-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:16:27.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-28491",
"date": "2026-05-31",
"epss": "0.00317",
"percentile": "0.5503"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-28491\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2021-02-18T16:15:13.207\",\"lastModified\":\"2024-11-21T05:22:53.697\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.\"},{\"lang\":\"es\",\"value\":\"Esto afecta al paquete com.fasterxml.jackson.dataformat:jackson-dataformat-cbor versiones desde 0 y anteriores a 2.11.4, versiones desde 2.12.0-rc1 y anteriores a 2.12.1.\u0026#xa0;Una asignaci\u00f3n no comprobada de b\u00fafer de bytes puede causar una excepci\u00f3n de java.lang.OutOfMemoryError\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-dataformats-binary:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.11.4\",\"matchCriteriaId\":\"6621426E-1001-48B0-BEFD-F032AFC27526\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-dataformats-binary:*:*:*:*:*:*:*:*\",\"versionStartExcluding\":\"2.12.0\",\"versionEndExcluding\":\"2.12.1\",\"matchCriteriaId\":\"DC85B4D7-6952-41AA-822C-7045F6352300\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-dataformats-binary:2.12.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FBFAC5C-3C12-4F2B-AFA2-38A5D0867F6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-dataformats-binary:2.12.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE827068-6625-4634-9385-3672AB9096F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fasterxml:jackson-dataformats-binary:2.12.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AD45DB3-F35D-486A-B43B-8B71F4CFE221\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.2\",\"matchCriteriaId\":\"237329EB-B10C-47DC-8D7B-2B98D21E6CE8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BCDC24-4A21-473C-8733-0D9CFB38A752\"}]}]}],\"references\":[{\"url\":\"https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-dataformats-binary/issues/186\",\"source\":\"report@snyk.io\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/FasterXML/jackson-dataformats-binary/issues/186\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
RHSA-2022:0727
Vulnerability from csaf_redhat - Published: 2022-03-01 18:15 - Updated: 2026-05-14 22:32Summary
Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.1.9)
Severity
Moderate
Notes
Topic: OpenShift Logging bug fix and security update (5.1.9)
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenShift Logging bug fix and security update (5.1.9)
Security Fix(es):
* jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)
* origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 (CVE-2022-0552)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x | — |
Vendor Fix
fix
|
Known not affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content.
5.9 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x | — |
Vendor Fix
fix
|
Known not affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le | — |
Threats
Impact
Moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "OpenShift Logging bug fix and security update (5.1.9)\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Logging bug fix and security update (5.1.9)\n\nSecurity Fix(es):\n\n* jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)\n\n* origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 (CVE-2022-0552)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0727",
"url": "https://access.redhat.com/errata/RHSA-2022:0727"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1930423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423"
},
{
"category": "external",
"summary": "2052539",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539"
},
{
"category": "external",
"summary": "LOG-2181",
"url": "https://issues.redhat.com/browse/LOG-2181"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0727.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.1.9)",
"tracking": {
"current_release_date": "2026-05-14T22:32:16+00:00",
"generator": {
"date": "2026-05-14T22:32:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2022:0727",
"initial_release_date": "2022-03-01T18:15:33+00:00",
"revision_history": [
{
"date": "2022-03-01T18:15:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-01T18:15:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:32:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Logging 5.1",
"product": {
"name": "OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:5.1::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.9-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.9-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-125"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-120"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-120"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
"product_id": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-123"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
"product_id": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-139"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.9-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.9-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-125"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-120"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-120"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
"product_id": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-123"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le",
"product_id": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-139"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.9-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
"product": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
"product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.1.9-21"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.9-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
"product": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
"product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.1.9-22"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-125"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-120"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-120"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-123"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-139"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64 as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64"
},
"product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64 as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64 as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64"
},
"product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64 as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64 as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64 as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64 as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64 as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64 as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le as a component of OpenShift Logging 5.1",
"product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28491",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-02-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1930423"
}
],
"notes": [
{
"category": "description",
"text": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jackson-dataformat-cbor.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nIn OCP 4.6 the openshift4/ose-logging-elasticsearch6 container delivers the vulnerable version of jackson-dataformat-cbor, but OCP 4.6 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support, hence this component is marked as ooss. Since the release of OCP 4.7 this component is delivered as part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8 container).\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x"
],
"known_not_affected": [
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28491"
},
{
"category": "external",
"summary": "RHBZ#1930423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28491"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
}
],
"release_date": "2021-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-01T18:15:33+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0727"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception"
},
{
"cve": "CVE-2022-0552",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-02-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2052539"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE only applies to the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container image, shipped in OpenShift Logging 5.1, 5.2. and 5.3.\nhttps://access.redhat.com/errata/RHSA-2021:5128\nhttps://access.redhat.com/errata/RHSA-2021:5127\nhttps://access.redhat.com/errata/RHSA-2021:5129",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x"
],
"known_not_affected": [
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0552"
},
{
"category": "external",
"summary": "RHBZ#2052539",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0552"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0552",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0552"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2021-21409",
"url": "https://access.redhat.com/security/cve/CVE-2021-21409"
}
],
"release_date": "2022-02-28T10:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-01T18:15:33+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0727"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:6aeb86a1104724471c99eb394fc8c07fb9481ad5ab248e3f3bbba8d56f6cb93e_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:21f3bd80092877d90843e78debd7a5fd1aff51875fce59048dabca89fa51ca69_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:9514f7fc23b19265bdc8a78b37e9a8dac98f65188a72056b8bb8a8163383b547_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ab2aab3df7f2550caa2c4f13e29a4a0fcb08b823dec3eba0e42a42f8753128b3_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:d61d890f5c1ee9070bd28818ccb08b8ec594505e2750e3b280073bafe42ec8e1_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:367b3eb092a467407363c733d0c41b930808e673ceb2b772cb17888caa89ed61_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:aba4d7dad7dbd7c208331d2b21794540dbea7bb1108d86745be4342306b0be15_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:fcfbf2ccc6b506108e02ecaa042e1a4b9b3b11503aafedf1ad421b05b05ef1a4_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:232b9a2bc509a7836ad551d54d0f24f1c151f32b2bce58f75d4b79ab6dbcc0c6_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:6efe5c50c78a434cd19a1a9f244567c4356a3b5aedb7f1ababa5081a0238b0b4_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:b5568136dd267694fa68d81812ad5d74841bb9251152e1133ced2bfeb956e5ba_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:888b95895e36492288f7bd074ab7ac1fc97d3beef2b5e4a629f2140b06457cad_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:894af72f07632db2f82be51fec892c75d4c97716d8bf9df4c299dc33957fcadf_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:d24ca356f97f9823e66fb043d8e5cf401d1fbd42053960c331ad60ecfba4ebbc_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7b2e9c2dba488b4d38d8644a5fe0a99d3700990c8cbe75f7314f588fbf307be8_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:86a1d97846b58c2301a1b9028dfd1836696a58e13ea2a3cb38ed90747c77f7ed_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b213fd8668631e2ec07ed7a10dfaa5f848921a6a3aee0fdff787cb51d37ae994_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:57001bb75ace8b1389d95590658ca077f4898eaf85655cf3db28c0372595a138_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:c160f4ffdada7583e0eede455fd584c7749a4c95b3361e4dd6e3ded8c6ed24dd_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d21228e0a1896aeef9ab7c20b5acc773b4f59b65af33fc794287bf655c9c6898_ppc64le",
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:91ee9e345ec178843a7828a4745c720183878cb381d5f4bbb4345674584a1f7d_amd64",
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:d91a4084c397379aa878c8e6029c85efa61d46b862a83ca37697275e9789f219_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:f3f3bd3d10a4839f86f19ce81bf4c3ad617d2a79a4e95bfe5ae8969afaff284e_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409"
}
]
}
RHSA-2022:0728
Vulnerability from csaf_redhat - Published: 2022-03-02 12:49 - Updated: 2026-05-14 22:32Summary
Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.2.8)
Severity
Moderate
Notes
Topic: OpenShift Logging bug fix and security update (5.2.8)
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: OpenShift Logging bug fix and security update (5.2.8)
Security Fix(es):
* jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)
* origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 (CVE-2022-0552)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x | — |
Vendor Fix
fix
|
Known not affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x | — |
Threats
Impact
Moderate
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content.
5.9 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x | — |
Vendor Fix
fix
|
Known not affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64 | — | ||
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x | — |
Threats
Impact
Moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "OpenShift Logging bug fix and security update (5.2.8)\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "OpenShift Logging bug fix and security update (5.2.8)\n\nSecurity Fix(es):\n\n* jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)\n\n* origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 (CVE-2022-0552)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:0728",
"url": "https://access.redhat.com/errata/RHSA-2022:0728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1930423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423"
},
{
"category": "external",
"summary": "2052539",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539"
},
{
"category": "external",
"summary": "LOG-2180",
"url": "https://issues.redhat.com/browse/LOG-2180"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0728.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.2.8)",
"tracking": {
"current_release_date": "2026-05-14T22:32:15+00:00",
"generator": {
"date": "2026-05-14T22:32:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2022:0728",
"initial_release_date": "2022-03-02T12:49:18+00:00",
"revision_history": [
{
"date": "2022-03-02T12:49:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-03-02T12:49:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:32:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Logging 5.2",
"product": {
"name": "OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:5.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.8-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-131"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-95"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-89"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-124"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-126"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x",
"product_id": "openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-126"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x",
"product_id": "openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-143"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.8-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64",
"product": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64",
"product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.2.8-21"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64",
"product": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64",
"product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.2.8-21"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-131"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-95"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-89"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-124"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-126"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-126"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-143"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.8-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-131"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-95"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-89"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-124"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-126"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le",
"product_id": "openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-126"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le",
"product_id": "openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-143"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64"
},
"product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64"
},
"product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28491",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-02-18T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1930423"
}
],
"notes": [
{
"category": "description",
"text": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jackson-dataformat-cbor.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nIn OCP 4.6 the openshift4/ose-logging-elasticsearch6 container delivers the vulnerable version of jackson-dataformat-cbor, but OCP 4.6 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support, hence this component is marked as ooss. Since the release of OCP 4.7 this component is delivered as part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8 container).\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x"
],
"known_not_affected": [
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28491"
},
{
"category": "external",
"summary": "RHBZ#1930423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28491"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
}
],
"release_date": "2021-02-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-02T12:49:18+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0728"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception"
},
{
"cve": "CVE-2022-0552",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-02-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2052539"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE only applies to the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container image, shipped in OpenShift Logging 5.1, 5.2. and 5.3.\nhttps://access.redhat.com/errata/RHSA-2021:5128\nhttps://access.redhat.com/errata/RHSA-2021:5127\nhttps://access.redhat.com/errata/RHSA-2021:5129",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x"
],
"known_not_affected": [
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0552"
},
{
"category": "external",
"summary": "RHBZ#2052539",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0552"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0552",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0552"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2021-21409",
"url": "https://access.redhat.com/security/cve/CVE-2021-21409"
}
],
"release_date": "2022-02-28T10:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-03-02T12:49:18+00:00",
"details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:0728"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:9efd48f4378762483bfdb26fbd7ed7a1a6799c6733bf83ed19d71d50a9421c1f_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:225f1719b0787f94719c2216b6583d25897029438692b848c49d19e265954185_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:6d3fcd50e4a91d443bf89b0d90facdb1d0820fa894a7b8c81360707b9b45ccce_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:f0d88550ea2f1010d0c3fa4cfb09876fa21bb49fc716392c37d7899b367ed07c_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:fccef8d73e96a5c1c11b3735a090a63d6eb28ccc3d7a1c7c5f4f3bd7527ca520_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:22e87477e77c383c37ec55eed45e2bd3733754797b4196e35201dad338fa9281_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ae70043ba3b8904a63d61e52e051185f0a3f59ec11c6ac4fa7d1139dfa7ad167_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:ba10146ab50d0a83a6abebd759eda3570758ffdb6f4e986d7e748a21468d4167_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:8a4da049c3794c4255d4e7239aacc728657d319a5b69ec3e3b32190f22129480_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:b6bc9ea3d48eb1e9566edbd8ca7432e64fd197a127f8a96c0d7c8f945909a9b6_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:bb8a82cc3ff02bd474b49ec082c6d558683935e0a8d8cf2c05a9305fc348f6d3_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:1a67ec9c7200171f5ec1fb56f256afdcd35e9e77c36fb9c3556ce89878d32b44_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:da7b9ef17d773085962a7d5fe71fdb5ba7a414a76f80e537433eec4d95b2bdb4_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:ed95cf0214ef4865013773140f920fa7f6f5b39e357ef88c54ea5e28727fa835_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:75bb761611ed91b2126434aee70c4666f42252595a876620cedab681888620c4_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:91e4e19f4b901cadb192976abade0aa0db99f9b7cb8b194debdc0b06c7378ea9_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:e4c5d3195ebcf8b32da14c7d24cbcd82e985591a4fc4a12b8792b6161d50b672_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:0ed6f883450cdfa87a852c378f0d8a8747338bfc1062b3ea74437b6ec419371f_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:17ecd7ca8ea56b342eb24151731f7d964f960acbffc8ffdae11d6438eecf55c1_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:54dd96900e62e20ddb62669a27e94f361436bdfb825ad8bae019bb40fb0b327c_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:3a8ce4fdc8d0f4b35722a6e9a220b8c859e0441543c2bf0ccd9e362e3211e300_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:516595732dcdbe8d8a6f4cf22811dea392218f45d9e353ef7c0ded2df9145bfb_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:aa99fdb8e81493936042ce49462839dda445a1f3a97ebfe1a51d8853eba02703_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:2ca801a49b219d407e677d6a61d29bd84a9b086b584ad5fbc71dd0995c658064_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a6a7311749763649bb905715259f3fa43b9660e19074747f5f2447c48de4ec6b_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:de9b764d47745031f1ba421c7f46c4250f0fdcc96baf8186b99684ebbdb79692_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c220a4d86d66a634619c2a5e89a0a069ee4b21e6703b718141157602bf5a7b4_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:266deb640ee061cf25d2716d97ec2fe0cf5a33888de74ef218f9444f517b681d_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:33ab888bd156705996f32cb1c5b3480aa17f7c45444bfc117ea1b791466d8609_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409"
}
]
}
SUSE-SU-2022:1678-1
Vulnerability from csaf_suse - Published: 2022-05-16 08:19 - Updated: 2022-05-16 08:19Summary
Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core
Severity
Important
Notes
Title of the patch: Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core
Description of the patch: This update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core fixes the following issues:
Security issues fixed:
- CVE-2020-36518: Fixed a Java stack overflow exception and denial of service via a large depth of nested objects in jackson-databind. (bsc#1197132)
- CVE-2020-25649: Fixed an insecure entity expansion in jackson-databind which was vulnerable to XML external entity (XXE). (bsc#1177616)
- CVE-2020-28491: Fixed a bug which could cause `java.lang.OutOfMemoryError` exception in jackson-dataformats-binary. (bsc#1182481)
Non security fixes:
jackson-annotations - update from version 2.10.2 to version 2.13.0:
+ Build with source/target levels 8
+ Add 'mvnw' wrapper
+ 'JsonSubType.Type' should accept array of names
+ Jackson version alignment with Gradle 6
+ Add '@JsonIncludeProperties'
+ Add '@JsonTypeInfo(use=DEDUCTION)'
+ Ability to use '@JsonAnyGetter' on fields
+ Add '@JsonKey' annotation
+ Allow repeated calls to 'SimpleObjectIdResolver.bindItem()' for same mapping
+ Add 'namespace' property for '@JsonProperty' (for XML module)
+ Add target 'ElementType.ANNOTATION_TYPE' for '@JsonEnumDefaultValue'
+ 'JsonPattern.Value.pattern' retained as '', never (accidentally) exposed as 'null'
+ Rewrite to use `ant` for building in order to be able to use it in packages that have to be built before maven
jackson-bom - update from version 2.10.2 to version 2.13.0:
+ Configure moditect plugin with '<jvmVersion>11</jvmVersion>'
+ jackson-bom manages the version of 'junit:junit'
+ Drop 'jackson-datatype-hibernate3' (support for Hibernate 3.x datatypes)
+ Removed 'jakarta' classifier variants of JAXB/JSON-P/JAX-RS modules due to the addition of new Jakarta artifacts
(Jakarta-JSONP, Jakarta-xmlbind-annotations, Jakarta-rs-providers)
+ Add version for 'jackson-datatype-jakarta-jsonp' module (introduced after 2.12.2)
+ Add (beta) version for 'jackson-dataformat-toml'
+ Jakarta 9 artifact versions are missing from jackson-bom
+ Add default settings for 'gradle-module-metadata-maven-plugin' (gradle metadata)
+ Add default settings for 'build-helper-maven-plugin'
+ Drop 'jackson-module-scala_2.10' entry (not released for Jackson 2.12 or later)
+ Add override for 'version.plugin.bundle' (for 5.1.1) to help build on JDK 15+
+ Add missing version for jackson-datatype-eclipse-collections
jackson-core - update from version 2.10.2 to version 2.13.0:
+ Build with source and target levels 8
+ Misleading exception for input source when processing byte buffer with start offset
+ Escape contents of source document snippet for 'JsonLocation._appendSourceDesc()'
+ Add 'StreamWriteException' type to eventually replace 'JsonGenerationException'
+ Replace 'getCurrentLocation()'/'getTokenLocation()' with 'currentLocation()'/'currentTokenLocation()' in
'JsonParser'
+ Replace 'JsonGenerator.writeObject()' (and related) with 'writePOJO()'
+ Replace 'getCurrentValue()'/'setCurrentValue()' with 'currentValue()'/'assignCurrentValue()' in
'JsonParser'/'JsonGenerator
+ Introduce O(n^1.5) BigDecimal parser implementation
+ ByteQuadsCanonicalizer.addName(String, int, int) has incorrect handling for case of q2 == null
+ UTF32Reader ArrayIndexOutOfBoundsException
+ Improve exception/JsonLocation handling for binary content: don't show content, include byte offset
+ Fix an issue with the TokenFilter unable to ignore properties when deserializing.
+ Optimize array allocation by 'JsonStringEncoder'
+ Add 'mvnw' wrapper
+ (partial) Optimize array allocation by 'JsonStringEncoder'
+ Add back accidentally removed 'JsonStringEncoder' related methods in 'BufferRecyclers'
(like 'getJsonStringEncoder()')
+ 'ArrayOutOfBoundException' at 'WriterBasedJsonGenerator.writeString(Reader, int)'
+ Allow 'optional-padding' for 'Base64Variant'
+ More customizable TokenFilter inclusion (using 'Tokenfilter.Inclusion')
+ Publish Gradle Module Metadata
+ Add 'StreamReadCapability' for further format-based/format-agnostic handling improvements
+ Add 'JsonParser.isExpectedNumberIntToken()' convenience method
+ Add 'StreamWriteCapability' for further format-based/format-agnostic handling improvements
+ Add 'JsonParser.getNumberValueExact()' to allow precision-retaining buffering
+ Limit initial allocated block size by 'ByteArrayBuilder' to max block size
+ Add 'JacksonException' as parent class of 'JsonProcessingException'
+ Make 'JsonWriteContext.reset()' and 'JsonReadContext.reset()' methods public
+ Deprecate 'JsonParser.getCurrentTokenId()' (use '#currentTokenId()' instead)
+ Full 'LICENSE' included in jar for easier access by compliancy tools
+ Fix NPE in 'writeNumber(String)' method of 'UTF8JsonGenerator', 'WriterBasedJsonGenerator'
+ Add a String Array write method in the Streaming API
+ Synchronize variants of 'JsonGenerator#writeNumberField' with 'JsonGenerator#writeNumber'
+ Add JsonGenerator#writeNumber(char[], int, int) method
+ Do not clear aggregated contents of 'TextBuffer' when 'releaseBuffers()' called
+ 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)'
+ Optionally allow leading decimal in float tokens
+ Rewrite to use ant for building in order to be able to use it in packages that have to be built before maven
+ Parsing JSON with 'ALLOW_MISSING_VALUE' enabled results in endless stream of 'VALUE_NULL' tokens
+ Handle case when system property access is restricted
+ 'FilteringGeneratorDelegate' does not handle 'writeString(Reader, int)'
+ DataFormatMatcher#getMatchedFormatName throws NPE when no match exists
+ 'JsonParser.getCurrentLocation()' byte/char offset update incorrectly for big payloads
jackson-databind - update from version 2.10.5.1 to version 2.13.0:
+ '@JsonValue' with integer for enum does not deserialize correctly
+ 'AnnotatedMethod.getValue()/setValue()' doesn't have useful exception message
+ Add 'DatabindException' as intermediate subtype of 'JsonMappingException'
+ Jackson does not support deserializing new Java 9 unmodifiable collections
+ Allocate TokenBuffer instance via context objects (to
allow format-specific buffer types)
+ Add mechanism for setting default 'ContextAttributes' for 'ObjectMapper'
+ Add 'DeserializationContext.readTreeAsValue()' methods
for more convenient conversions for deserializers to use
+ Clean up support of typed 'unmodifiable', 'singleton'
Maps/Sets/Collections
+ Extend internal bitfield of 'MapperFeature' to be
'long'
+ Add 'removeMixIn()' method in 'MapperBuilder'
+ Backport 'MapperBuilder' lambda-taking methods:
'withConfigOverride()', 'withCoercionConfig()',
'withCoercionConfigDefaults()'
+ configOverrides(boolean.class) silently ignored,
whereas .configOverride(Boolean.class) works for both
primitives and boxed boolean values
+ Dont track unknown props in buffer if
'ignoreAllUnknown' is true
+ Should allow deserialization of java.time types via
opaque 'JsonToken.VALUE_EMBEDDED_OBJECT'
+ Optimize 'AnnotatedConstructor.call()' case by passing
explicit null
+ Add AnnotationIntrospector.XmlExtensions interface for
decoupling javax dependencies
+ Custom SimpleModule not included in list returned by
ObjectMapper.getRegisteredModuleIds() after registration
+ Use more limiting default visibility settings for JDK
types (java.*, javax.*)
+ Deep merge for 'JsonNode' using 'ObjectReader.readTree()'
+ IllegalArgumentException: Conflicting setter
definitions for property with more than 2 setters
+ Serializing java.lang.Thread fails on JDK 11 and above
+ String-based 'Map' key deserializer is not
deterministic when there is no single arg constructor
+ Add ArrayNode#set(int index, primitive_type value)
+ JsonStreamContext 'currentValue' wrongly references to
'@JsonTypeInfo' annotated object
+ DOM 'Node' serialization omits the default namespace
declaration
+ Support 'suppressed' property when deserializing 'Throwable'
+ 'AnnotatedMember.equals()' does not work reliably
+ Add 'MapperFeature.APPLY_DEFAULT_VALUES', initially for Scala module
+ For an absent property Jackson injects 'NullNode'
instead of 'null' to a JsonNode-typed constructor argument of
a '@ConstructorProperties'-annotated constructor
+ 'XMLGregorianCalendar' doesn't work with default typing
+ Content 'null' handling not working for root values
+ StdDeserializer rejects blank (all-whitespace) strings
for ints
+ 'USE_BASE_TYPE_AS_DEFAULT_IMPL' not working with
'DefaultTypeResolverBuilder'
+ Add PropertyNamingStrategies.UpperSnakeCaseStrategy
(and UPPER_SNAKE_CASE constant)
+ StackOverflowError when serializing JsonProcessingException
+ Support for BCP 47 'java.util.Locale' serialization/deserialization
+ String property deserializes null as 'null' for
JsonTypeInfo.As.EXISTING_PROPERTY
+ Can not deserialize json to enum value with
Object-/Array-valued input, '@JsonCreator'
+ Fix to avoid problem with 'BigDecimalNode', scale of
'Integer.MIN_VALUE'
+ Extend handling of 'FAIL_ON_NULL_FOR_PRIMITIVES' to cover
coercion from (Empty) String via 'AsNull'
+ Add 'mvnw' wrapper
+ (regression) Factory method generic type resolution
does not use Class-bound type parameter
+ Deserialization of 'empty' subtype with DEDUCTION failed
+ Merge findInjectableValues() results in
AnnotationIntrospectorPair
+ READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE doesn't
work with empty strings
+ 'TypeFactory' cannot convert 'Collection' sub-type
without type parameters to canonical form and back
+ Fix for [modules-java8#207]: prevent fail on secondary Java 8
date/time types
+ EXTERNAL_PROPERTY does not work well with '@JsonCreator'
and 'FAIL_ON_UNKNOWN_PROPERTIES'
+ String property deserializes null as 'null' for
'JsonTypeInfo.As.EXTERNAL_PROPERTY'
+ Property ignorals cause 'BeanDeserializer 'to forget
how to read from arrays (not copying
'_arrayDelegateDeserializer')
+ UntypedObjectDeserializer' mixes multiple unwrapped
collections (related to #2733)
+ Two cases of incorrect error reporting about
DeserializationFeature
+ Bug in polymorphic deserialization with '@JsonCreator',
'@JsonAnySetter', 'JsonTypeInfo.As.EXTERNAL_PROPERTY'
+ Polymorphic subtype deduction ignores 'defaultImpl'
attribute
+ MismatchedInputException: Cannot deserialize instance
of 'com.fasterxml.jackson.databind.node.ObjectNode' out of
VALUE_NULL token
+ Missing override for 'hasAsKey()' in
'AnnotationIntrospectorPair'
+ Creator lookup fails with 'InvalidDefinitionException'
for conflict between single-double/single-Double arg constructor
+ 'MapDeserializer' forcing 'JsonMappingException'
wrapping even if WRAP_EXCEPTIONS set to false
+ Auto-detection of constructor-based creator method
skipped if there is an annotated factory-based creator method
(regression from 2.11)
+ 'ObjectMapper.treeToValue()' no longer invokes
'JsonDeserializer.getNullValue()'
+ DeserializationProblemHandler is not invoked when
trying to deserialize String
+ Fix failing 'double' JsonCreators in jackson 2.12.0
+ Conflicting in POJOPropertiesCollector when having
namingStrategy
+ Breaking API change in 'BasicClassIntrospector' (2.12.0)
+ 'JsonNode.requiredAt()' does NOT fail on some path expressions
+ Exception thrown when 'Collections.synchronizedList()'
is serialized with type info, deserialized
+ Add option to resolve type from multiple existing
properties, '@JsonTypeInfo(use=DEDUCTION)'
+ '@JsonIgnoreProperties' does not prevent Exception
Conflicting getter/setter definitions for property
+ Deserialization Not Working Right with Generic Types and
Builders
+ Add '@JsonIncludeProperties(propertyNames)' (reverse of
'@JsonIgnoreProperties')
+ '@JsonAnyGetter' should be allowed on a field
+ Allow handling of single-arg constructor as property
based by default
+ Allow case insensitive deserialization of String value
into 'boolean'/'Boolean' (esp for Excel)
+ Allow use of '@JsonFormat(with=JsonFormat.Feature
.ACCEPT_CASE_INSENSITIVE_PROPERTIES)' on Class
+ Abstract class included as part of known type ids for
error message when using JsonSubTypes
+ Distinguish null from empty string for UUID
deserialization
+ 'ReferenceType' does not expose valid containedType
+ Add 'CoercionConfig[s]' mechanism for configuring
allowed coercions
+ 'JsonProperty.Access.READ_ONLY' does not work with
'getter-as-setter' 'Collection's
+ Support 'BigInteger' and 'BigDecimal' creators in
'StdValueInstantiator'
+ 'JsonProperty.Access.READ_ONLY' fails with collections
when a property name is specified
+ 'BigDecimal' precision not retained for polymorphic
deserialization
+ Support use of 'Void' valued properties
('MapperFeature.ALLOW_VOID_VALUED_PROPERTIES')
+ Explicitly fail (de)serialization of 'java.time.*'
types in absence of registered custom (de)serializers
+ Improve description included in by
'DeserializationContext.handleUnexpectedToken()'
+ Support for JDK 14 record types ('java.lang.Record')
+ 'PropertyNamingStrategy' class initialization depends
on its subclass, this can lead to class loading deadlock
+ 'FAIL_ON_IGNORED_PROPERTIES' does not throw on
'READONLY' properties with an explicit name
+ Add Gradle Module Metadata for version alignment with
Gradle 6
+ Allow 'JsonNode' auto-convert into 'ArrayNode' if
duplicates found (for XML)
+ Allow values of 'untyped' auto-convert into 'List' if
duplicates found (for XML)
+ Add 'ValueInstantiator.createContextual(...)
+ Support multiple names in 'JsonSubType.Type'
+ Disabling 'FAIL_ON_INVALID_SUBTYPE' breaks polymorphic
deserialization of Enums
+ Explicitly fail (de)serialization of 'org.joda.time.*'
types in absence of registered custom (de)serializers
+ Trailing zeros are stripped when deserializing
BigDecimal values inside a @JsonUnwrapped property
+ Extract getter/setter/field name mangling from
'BeanUtil' into pluggable 'AccessorNamingStrategy'
+ Throw 'InvalidFormatException' instead of
'MismatchedInputException' for ACCEPT_FLOAT_AS_INT coercion
failures
+ Add '@JsonKey' annotation (similar to '@JsonValue') for
customizable serialization of Map keys
+ 'MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS' should
work for enum as keys
+ Add support for disabling special handling of 'Creator
properties' wrt alphabetic property ordering
+ Add 'JsonNode.canConvertToExactIntegral()' to indicate
whether floating-point/BigDecimal values could be converted to
integers losslessly
+ Improve static factory method generic type resolution
logic
+ Allow preventing 'Enum from integer' coercion using new
'CoercionConfig' system
+ '@JsonValue' not considered when evaluating inclusion
+ Make some java platform modules optional
+ Add support for serializing 'java.sql.Blob'
+ 'AnnotatedCreatorCollector' should avoid processing
synthetic static (factory) methods
+ Add errorprone static analysis profile to detect bugs at build time
+ Problem with implicit creator name detection for constructor detection
+ Add 'BeanDeserializerBase.isCaseInsensitive()'
+ Refactoring of 'CollectionDeserializer' to solve CSV array handling issues
+ Full 'LICENSE' included in jar for easier access by compliancy tools
+ Fix type resolution for static methods (regression in 2.11.3)
+ '@JsonCreator' on constructor not compatible with '@JsonIdentityInfo',
'PropertyGenerator'
+ Add debug improvements about 'ClassUtil.getClassMethods()'
+ Cannot detect creator arguments of mixins for JDK types
+ Add 'JsonFormat.Shape' awareness for UUID serialization ('UUIDSerializer')
+ Json serialization fails or a specific case that
contains generics and static methods with generic parameters
(2.11.1 -> 2.11.2 regression)
+ 'ObjectMapper.activateDefaultTypingAsProperty()' is not
using parameter 'PolymorphicTypeValidator'
+ Problem deserialization 'raw generic' fields
(like 'Map') in 2.11.2
+ Fix issues with 'MapLikeType.isTrueMapType()',
'CollectionLikeType.isTrueCollectionType()'
+ Parser/Generator features not set when using
'ObjectMapper.createParser()', 'createGenerator()'
+ Polymorphic subtypes not registering on copied
ObjectMapper (2.11.1)
+ Failure to read AnnotatedField value in Jackson 2.11
+ 'TypeFactory.constructType()' does not take
'TypeBindings' correctly
+ Builder Deserialization with JsonCreator Value vs Array
+ JsonCreator on static method in Enum and Enum used as
key in map fails randomly
+ 'StdSubtypeResolver' is not thread safe (possibly due
to copy not being made with 'ObjectMapper.copy()')
+ 'Conflicting setter definitions for property' exception
for 'Map' subtype during deserialization
+ Fail to deserialize local Records
+ Rearranging of props when property-based generator is
in use leads to incorrect output
+ Jackson doesn't respect
'CAN_OVERRIDE_ACCESS_MODIFIERS=false' for deserializer
properties
+ 'DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS'
don't support 'Map' type field
+ JsonParser from MismatchedInputException cannot
getText() for floating-point value
+ i-I case conversion problem in Turkish locale with
case-insensitive deserialization
+ '@JsonInject' fails on trying to find deserializer even
if inject-only
+ Polymorphic deserialization should handle
case-insensitive Type Id property name if
'MapperFeature.ACCEPT_CASE_INSENSITIVE_PROPERTIES' is enabled
+ TreeTraversingParser and UTF8StreamJsonParser create
contexts differently
+ Support use of '@JsonAlias' for enum values
+ 'declaringClass' of 'enum-as-POJO' not removed for
'ObjectMapper' with a naming strategy
+ Fix 'JavaType.isEnumType()' to support sub-classes
+ BeanDeserializerBuilder Protected Factory Method for Extension
+ Support '@JsonSerialize(keyUsing)' and
'@JsonDeserialize(keyUsing)' on Key class
+ Add 'SerializationFeature.WRITE_SELF_REFERENCES_AS_NULL'
+ 'ObjectMapper.registerSubtypes(NamedType...)' doesn't
allow registering same POJO for two different type ids
+ 'DeserializationContext.handleMissingInstantiator()'
throws 'MismatchedInputException' for non-static inner classes
+ Incorrect 'JsonStreamContext' for 'TokenBuffer' and
'TreeTraversingParser'
+ Add 'AnnotationIntrospector.findRenameByField()' to
support Kotlin's 'is-getter' naming convention
+ Use '@JsonProperty(index)' for sorting properties on
serialization
+ Java 8 'Optional' not working with '@JsonUnwrapped' on
unwrappable type
+ Add 'MapperFeature.BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES'
to allow blocking use of unsafe base type for polymorphic
deserialization
+ 'ObjectMapper.setSerializationInclusion()' is ignored
for 'JsonAnyGetter'
+ 'ValueInstantiationException' when deserializing using
a builder and 'UNWRAP_SINGLE_VALUE_ARRAYS'
+ JsonIgnoreProperties(ignoreUnknown = true) does not
work on field and method level
+ Failure to resolve generic type parameters on
serialization
+ JsonParser cannot getText() for input stream on
MismatchedInputException
+ ObjectReader readValue lacks Class<T> argument
+ Change default textual serialization of
'java.util.Date'/'Calendar' to include colon in timezone
offset
+ Add 'ObjectMapper.createParser()' and 'createGenerator()' methods
+ Allow serialization of 'Properties' with non-String values
+ Add new factory method for creating custom 'EnumValues'
to pass to 'EnumDeserializer
+ 'IllegalArgumentException' thrown for mismatched
subclass deserialization
+ Add convenience methods for creating 'List', 'Map'
valued 'ObjectReader's (ObjectMapper.readerForListOf())
+ 'SerializerProvider.findContentValueSerializer()' methods
jackson-dataformats-binary - update from version 2.10.1 to version 2.13.0:
+ (cbor) Should validate UTF-8 multi-byte validity for short decode path too
+ (ion) Deprecate 'CloseSafeUTF8Writer', remove use
+ (smile) Make 'SmileFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES'
+ (cbor) Make 'CBORFactory' support 'JsonFactory.Feature.CANONICALIZE_FIELD_NAMES'
+ (cbor) Handle case of BigDecimal with Integer.MIN_VALUE for scale gracefully
+ (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)
+ (cbor) Another uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)
+ (smile) Add 'SmileGenerator.Feature.LENIENT_UTF_ENCODING' for lenient
handling of broken Unicode surrogate pairs on writing
+ (avro) Add 'logicalType' support for some 'java.time' types; add 'AvroJavaTimeModule'
for native ser/deser
+ Support base64 strings in 'getBinaryValue()' for CBOR and Smile
+ (cbor) 'ArrayIndexOutOfBounds' for truncated UTF-8 name
+ (avro) Generate logicalType switch
+ (smile) 'ArrayIndexOutOfBounds' for truncated UTF-8 name
+ (ion) 'jackson-dataformat-ion' does not handle
null.struct deserialization correctly
+ 'Ion-java' dep 1.4.0 -> 1.8.0
+ Minor change to Ion module registration names (fully-qualified)
+ (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)
+ (cbor) Uncaught exception in CBORParser._findDecodedFromSymbols() (by ossfuzzer)
+ (smile) Uncaught validation problem wrt Smile 'BigDecimal' type
+ (smile) ArrayIndexOutOfBoundsException for malformed Smile header
+ (cbor) Failed to handle case of alleged String with length of Integer.MAX_VALUE
+ (smile) Allocate byte[] lazily for longer Smile binary data payloads
+ (cbor) CBORParser need to validate zero-length byte[] for BigInteger
+ (smile) Handle invalid chunked-binary-format length gracefully
+ (smile) Allocate byte[] lazily for longer Smile binary data payloads (7-bit encoded)
+ (smile) ArrayIndexOutOfBoundsException in SmileParser._decodeShortUnicodeValue()
+ (smile) Handle sequence of Smile header markers without recursion
+ (cbor) CBOR loses 'Map' entries with specific 'long' Map key values (32-bit boundary)
+ (ion) Ion Polymorphic deserialization in 2.12 breaks wrt use of Native Type Ids
when upgrading from 2.8
+ (cbor) 'ArrayIndexOutOfBoundsException' in 'CBORParser' for invalid UTF-8 String
+ (cbor) Handle invalid CBOR content like '[0x84]' (incomplete array)
+ (ion) Respect 'WRITE_ENUMS_USING_TO_STRING' in 'EnumAsIonSymbolSerializer'
+ (ion) Add support for generating IonSexps
+ (ion) Add support for deserializing IonTimestamps and IonBlobs
+ (ion) Add 'IonObjectMapper.builderForBinaryWriters()' /
'.builderforTextualWriters()' convenience methods
+ (ion) Enabling pretty-printing fails Ion serialization
+ (ion) Allow disabling native type ids in IonMapper
+ (smile) Small bug in byte-alignment for long field names
in Smile, symbol table reuse
+ (ion) Add 'IonFactory.getIonSystem()' accessor
+ (ion) Optimize 'IonParser.getNumberType()' using
'IonReader.getIntegerSize()'
+ (cbor) Add 'CBORGenerator.Feature.LENIENT_UTF_ENCODING'
for lenient handling of Unicode surrogate pairs on writing
+ (cbor) Add support for decoding unassigned 'simple
values' (type 7)
+ Add Gradle Module Metadata
(https://blog.gradle.org/alignment-with-gradle-module-metadata)
+ (avro) Cache record names to avoid hitting class loader
+ (avro) Avro null deserialization
+ (ion) Add 'IonFactory.getIonSystem()' accessor
+ (avro) Add 'AvroGenerator.canWriteBinaryNatively()' to
support binary writes, fix 'java.util.UUID' representation
+ (ion) Allow 'IonObjectMapper' with class name annotation
introspector to deserialize generic subtypes
+ Remove dependencies upon Jackson 1.X and Avro's
JacksonUtils
+ 'jackson-databind' should not be full dependency for
(cbor, protobuf, smile) modules
+ 'CBORGenerator.Feature.WRITE_MINIMAL_INTS' does not
write most compact form for all integers
+ 'AvroGenerator' overrides 'getOutputContext()' properly
+ (ion) Add 'IonFactory.getIonSystem()' accessor
+ (avro) Fix schema evolution involving maps of non-scalar
+ (protobuf) Parsing a protobuf message doesn't properly skip unknown fields
+ (ion) IonObjectMapper close()s the provided IonWriter unnecessarily
+ ion-java dependency 1.4.0 -> 1.5.1
Patchnames: SUSE-2022-1678,SUSE-SLE-Module-Basesystem-15-SP3-2022-1678,SUSE-SLE-Module-Basesystem-15-SP4-2022-1678,SUSE-SLE-Module-Development-Tools-15-SP3-2022-1678,SUSE-SLE-Module-Development-Tools-15-SP4-2022-1678,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-1678,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1678,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1678,SUSE-SLE-Product-RT-15-SP2-2022-1678,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1678,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1678,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1678,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1678,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1678,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1678,SUSE-Storage-7-2022-1678,openSUSE-SLE-15.3-2022-1678,openSUSE-SLE-15.4-2022-1678
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.8 (Medium)
Affected products
Recommended
76 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
76 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
76 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2020-36518: Fixed a Java stack overflow exception and denial of service via a large depth of nested objects in jackson-databind. (bsc#1197132)\n- CVE-2020-25649: Fixed an insecure entity expansion in jackson-databind which was vulnerable to XML external entity (XXE). (bsc#1177616)\n- CVE-2020-28491: Fixed a bug which could cause `java.lang.OutOfMemoryError` exception in jackson-dataformats-binary. (bsc#1182481)\n\nNon security fixes:\n\njackson-annotations - update from version 2.10.2 to version 2.13.0:\n\n + Build with source/target levels 8\n + Add \u0027mvnw\u0027 wrapper\n + \u0027JsonSubType.Type\u0027 should accept array of names\n + Jackson version alignment with Gradle 6\n + Add \u0027@JsonIncludeProperties\u0027\n + Add \u0027@JsonTypeInfo(use=DEDUCTION)\u0027\n + Ability to use \u0027@JsonAnyGetter\u0027 on fields\n + Add \u0027@JsonKey\u0027 annotation\n + Allow repeated calls to \u0027SimpleObjectIdResolver.bindItem()\u0027 for same mapping\n + Add \u0027namespace\u0027 property for \u0027@JsonProperty\u0027 (for XML module)\n + Add target \u0027ElementType.ANNOTATION_TYPE\u0027 for \u0027@JsonEnumDefaultValue\u0027\n + \u0027JsonPattern.Value.pattern\u0027 retained as \u0027\u0027, never (accidentally) exposed as \u0027null\u0027\n + Rewrite to use `ant` for building in order to be able to use it in packages that have to be built before maven\n\njackson-bom - update from version 2.10.2 to version 2.13.0:\n\n + Configure moditect plugin with \u0027\u003cjvmVersion\u003e11\u003c/jvmVersion\u003e\u0027\n + jackson-bom manages the version of \u0027junit:junit\u0027\n + Drop \u0027jackson-datatype-hibernate3\u0027 (support for Hibernate 3.x datatypes)\n + Removed \u0027jakarta\u0027 classifier variants of JAXB/JSON-P/JAX-RS modules due to the addition of new Jakarta artifacts\n (Jakarta-JSONP, Jakarta-xmlbind-annotations, Jakarta-rs-providers)\n + Add version for \u0027jackson-datatype-jakarta-jsonp\u0027 module (introduced after 2.12.2)\n + Add (beta) version for \u0027jackson-dataformat-toml\u0027\n + Jakarta 9 artifact versions are missing from jackson-bom\n + Add default settings for \u0027gradle-module-metadata-maven-plugin\u0027 (gradle metadata)\n + Add default settings for \u0027build-helper-maven-plugin\u0027\n + Drop \u0027jackson-module-scala_2.10\u0027 entry (not released for Jackson 2.12 or later)\n + Add override for \u0027version.plugin.bundle\u0027 (for 5.1.1) to help build on JDK 15+\n + Add missing version for jackson-datatype-eclipse-collections\n \njackson-core - update from version 2.10.2 to version 2.13.0:\n\n + Build with source and target levels 8\n + Misleading exception for input source when processing byte buffer with start offset\n + Escape contents of source document snippet for \u0027JsonLocation._appendSourceDesc()\u0027\n + Add \u0027StreamWriteException\u0027 type to eventually replace \u0027JsonGenerationException\u0027\n + Replace \u0027getCurrentLocation()\u0027/\u0027getTokenLocation()\u0027 with \u0027currentLocation()\u0027/\u0027currentTokenLocation()\u0027 in \n \u0027JsonParser\u0027\n + Replace \u0027JsonGenerator.writeObject()\u0027 (and related) with \u0027writePOJO()\u0027\n + Replace \u0027getCurrentValue()\u0027/\u0027setCurrentValue()\u0027 with \u0027currentValue()\u0027/\u0027assignCurrentValue()\u0027 in \n \u0027JsonParser\u0027/\u0027JsonGenerator\n + Introduce O(n^1.5) BigDecimal parser implementation\n + ByteQuadsCanonicalizer.addName(String, int, int) has incorrect handling for case of q2 == null\n + UTF32Reader ArrayIndexOutOfBoundsException\n + Improve exception/JsonLocation handling for binary content: don\u0027t show content, include byte offset\n + Fix an issue with the TokenFilter unable to ignore properties when deserializing.\n + Optimize array allocation by \u0027JsonStringEncoder\u0027\n + Add \u0027mvnw\u0027 wrapper\n + (partial) Optimize array allocation by \u0027JsonStringEncoder\u0027\n + Add back accidentally removed \u0027JsonStringEncoder\u0027 related methods in \u0027BufferRecyclers\u0027 \n (like \u0027getJsonStringEncoder()\u0027)\n + \u0027ArrayOutOfBoundException\u0027 at \u0027WriterBasedJsonGenerator.writeString(Reader, int)\u0027\n + Allow \u0027optional-padding\u0027 for \u0027Base64Variant\u0027\n + More customizable TokenFilter inclusion (using \u0027Tokenfilter.Inclusion\u0027)\n + Publish Gradle Module Metadata\n + Add \u0027StreamReadCapability\u0027 for further format-based/format-agnostic handling improvements\n + Add \u0027JsonParser.isExpectedNumberIntToken()\u0027 convenience method\n + Add \u0027StreamWriteCapability\u0027 for further format-based/format-agnostic handling improvements\n + Add \u0027JsonParser.getNumberValueExact()\u0027 to allow precision-retaining buffering\n + Limit initial allocated block size by \u0027ByteArrayBuilder\u0027 to max block size\n + Add \u0027JacksonException\u0027 as parent class of \u0027JsonProcessingException\u0027\n + Make \u0027JsonWriteContext.reset()\u0027 and \u0027JsonReadContext.reset()\u0027 methods public\n + Deprecate \u0027JsonParser.getCurrentTokenId()\u0027 (use \u0027#currentTokenId()\u0027 instead)\n + Full \u0027LICENSE\u0027 included in jar for easier access by compliancy tools\n + Fix NPE in \u0027writeNumber(String)\u0027 method of \u0027UTF8JsonGenerator\u0027, \u0027WriterBasedJsonGenerator\u0027\n + Add a String Array write method in the Streaming API\n + Synchronize variants of \u0027JsonGenerator#writeNumberField\u0027 with \u0027JsonGenerator#writeNumber\u0027\n + Add JsonGenerator#writeNumber(char[], int, int) method\n + Do not clear aggregated contents of \u0027TextBuffer\u0027 when \u0027releaseBuffers()\u0027 called\n + \u0027FilteringGeneratorDelegate\u0027 does not handle \u0027writeString(Reader, int)\u0027\n + Optionally allow leading decimal in float tokens\n + Rewrite to use ant for building in order to be able to use it in packages that have to be built before maven\n + Parsing JSON with \u0027ALLOW_MISSING_VALUE\u0027 enabled results in endless stream of \u0027VALUE_NULL\u0027 tokens\n + Handle case when system property access is restricted\n + \u0027FilteringGeneratorDelegate\u0027 does not handle \u0027writeString(Reader, int)\u0027\n + DataFormatMatcher#getMatchedFormatName throws NPE when no match exists\n + \u0027JsonParser.getCurrentLocation()\u0027 byte/char offset update incorrectly for big payloads \n\njackson-databind - update from version 2.10.5.1 to version 2.13.0:\n\n + \u0027@JsonValue\u0027 with integer for enum does not deserialize correctly\n + \u0027AnnotatedMethod.getValue()/setValue()\u0027 doesn\u0027t have useful exception message\n + Add \u0027DatabindException\u0027 as intermediate subtype of \u0027JsonMappingException\u0027\n + Jackson does not support deserializing new Java 9 unmodifiable collections\n + Allocate TokenBuffer instance via context objects (to\n allow format-specific buffer types)\n + Add mechanism for setting default \u0027ContextAttributes\u0027 for \u0027ObjectMapper\u0027\n + Add \u0027DeserializationContext.readTreeAsValue()\u0027 methods\n for more convenient conversions for deserializers to use\n + Clean up support of typed \u0027unmodifiable\u0027, \u0027singleton\u0027\n Maps/Sets/Collections\n + Extend internal bitfield of \u0027MapperFeature\u0027 to be\n \u0027long\u0027\n + Add \u0027removeMixIn()\u0027 method in \u0027MapperBuilder\u0027\n + Backport \u0027MapperBuilder\u0027 lambda-taking methods:\n \u0027withConfigOverride()\u0027, \u0027withCoercionConfig()\u0027,\n \u0027withCoercionConfigDefaults()\u0027\n + configOverrides(boolean.class) silently ignored,\n whereas .configOverride(Boolean.class) works for both\n primitives and boxed boolean values\n + Dont track unknown props in buffer if\n \u0027ignoreAllUnknown\u0027 is true\n + Should allow deserialization of java.time types via\n opaque \u0027JsonToken.VALUE_EMBEDDED_OBJECT\u0027\n + Optimize \u0027AnnotatedConstructor.call()\u0027 case by passing\n explicit null\n + Add AnnotationIntrospector.XmlExtensions interface for\n decoupling javax dependencies\n + Custom SimpleModule not included in list returned by\n ObjectMapper.getRegisteredModuleIds() after registration\n + Use more limiting default visibility settings for JDK\n types (java.*, javax.*)\n + Deep merge for \u0027JsonNode\u0027 using \u0027ObjectReader.readTree()\u0027\n + IllegalArgumentException: Conflicting setter\n definitions for property with more than 2 setters\n + Serializing java.lang.Thread fails on JDK 11 and above\n + String-based \u0027Map\u0027 key deserializer is not\n deterministic when there is no single arg constructor\n + Add ArrayNode#set(int index, primitive_type value)\n + JsonStreamContext \u0027currentValue\u0027 wrongly references to\n \u0027@JsonTypeInfo\u0027 annotated object\n + DOM \u0027Node\u0027 serialization omits the default namespace\n declaration\n + Support \u0027suppressed\u0027 property when deserializing \u0027Throwable\u0027\n + \u0027AnnotatedMember.equals()\u0027 does not work reliably\n + Add \u0027MapperFeature.APPLY_DEFAULT_VALUES\u0027, initially for Scala module\n + For an absent property Jackson injects \u0027NullNode\u0027\n instead of \u0027null\u0027 to a JsonNode-typed constructor argument of\n a \u0027@ConstructorProperties\u0027-annotated constructor\n + \u0027XMLGregorianCalendar\u0027 doesn\u0027t work with default typing\n + Content \u0027null\u0027 handling not working for root values\n + StdDeserializer rejects blank (all-whitespace) strings\n for ints\n + \u0027USE_BASE_TYPE_AS_DEFAULT_IMPL\u0027 not working with\n \u0027DefaultTypeResolverBuilder\u0027\n + Add PropertyNamingStrategies.UpperSnakeCaseStrategy\n (and UPPER_SNAKE_CASE constant)\n + StackOverflowError when serializing JsonProcessingException\n + Support for BCP 47 \u0027java.util.Locale\u0027 serialization/deserialization\n + String property deserializes null as \u0027null\u0027 for\n JsonTypeInfo.As.EXISTING_PROPERTY\n + Can not deserialize json to enum value with\n Object-/Array-valued input, \u0027@JsonCreator\u0027\n + Fix to avoid problem with \u0027BigDecimalNode\u0027, scale of\n \u0027Integer.MIN_VALUE\u0027\n + Extend handling of \u0027FAIL_ON_NULL_FOR_PRIMITIVES\u0027 to cover\n coercion from (Empty) String via \u0027AsNull\u0027\n + Add \u0027mvnw\u0027 wrapper\n + (regression) Factory method generic type resolution\n does not use Class-bound type parameter\n + Deserialization of \u0027empty\u0027 subtype with DEDUCTION failed\n + Merge findInjectableValues() results in\n AnnotationIntrospectorPair\n + READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE doesn\u0027t\n work with empty strings\n + \u0027TypeFactory\u0027 cannot convert \u0027Collection\u0027 sub-type\n without type parameters to canonical form and back\n + Fix for [modules-java8#207]: prevent fail on secondary Java 8\n date/time types\n + EXTERNAL_PROPERTY does not work well with \u0027@JsonCreator\u0027\n and \u0027FAIL_ON_UNKNOWN_PROPERTIES\u0027\n + String property deserializes null as \u0027null\u0027 for\n \u0027JsonTypeInfo.As.EXTERNAL_PROPERTY\u0027\n + Property ignorals cause \u0027BeanDeserializer \u0027to forget\n how to read from arrays (not copying\n \u0027_arrayDelegateDeserializer\u0027)\n + UntypedObjectDeserializer\u0027 mixes multiple unwrapped\n collections (related to #2733)\n + Two cases of incorrect error reporting about\n DeserializationFeature\n + Bug in polymorphic deserialization with \u0027@JsonCreator\u0027,\n \u0027@JsonAnySetter\u0027, \u0027JsonTypeInfo.As.EXTERNAL_PROPERTY\u0027\n + Polymorphic subtype deduction ignores \u0027defaultImpl\u0027\n attribute\n + MismatchedInputException: Cannot deserialize instance\n of \u0027com.fasterxml.jackson.databind.node.ObjectNode\u0027 out of\n VALUE_NULL token\n + Missing override for \u0027hasAsKey()\u0027 in\n \u0027AnnotationIntrospectorPair\u0027\n + Creator lookup fails with \u0027InvalidDefinitionException\u0027\n for conflict between single-double/single-Double arg constructor\n + \u0027MapDeserializer\u0027 forcing \u0027JsonMappingException\u0027\n wrapping even if WRAP_EXCEPTIONS set to false\n + Auto-detection of constructor-based creator method\n skipped if there is an annotated factory-based creator method\n (regression from 2.11)\n + \u0027ObjectMapper.treeToValue()\u0027 no longer invokes\n \u0027JsonDeserializer.getNullValue()\u0027\n + DeserializationProblemHandler is not invoked when\n trying to deserialize String\n + Fix failing \u0027double\u0027 JsonCreators in jackson 2.12.0\n + Conflicting in POJOPropertiesCollector when having\n namingStrategy\n + Breaking API change in \u0027BasicClassIntrospector\u0027 (2.12.0)\n + \u0027JsonNode.requiredAt()\u0027 does NOT fail on some path expressions\n + Exception thrown when \u0027Collections.synchronizedList()\u0027\n is serialized with type info, deserialized\n + Add option to resolve type from multiple existing\n properties, \u0027@JsonTypeInfo(use=DEDUCTION)\u0027\n + \u0027@JsonIgnoreProperties\u0027 does not prevent Exception\n Conflicting getter/setter definitions for property\n + Deserialization Not Working Right with Generic Types and\n Builders\n + Add \u0027@JsonIncludeProperties(propertyNames)\u0027 (reverse of\n \u0027@JsonIgnoreProperties\u0027)\n + \u0027@JsonAnyGetter\u0027 should be allowed on a field\n + Allow handling of single-arg constructor as property\n based by default\n + Allow case insensitive deserialization of String value\n into \u0027boolean\u0027/\u0027Boolean\u0027 (esp for Excel)\n + Allow use of \u0027@JsonFormat(with=JsonFormat.Feature\n .ACCEPT_CASE_INSENSITIVE_PROPERTIES)\u0027 on Class\n + Abstract class included as part of known type ids for\n error message when using JsonSubTypes\n + Distinguish null from empty string for UUID\n deserialization\n + \u0027ReferenceType\u0027 does not expose valid containedType\n + Add \u0027CoercionConfig[s]\u0027 mechanism for configuring\n allowed coercions\n + \u0027JsonProperty.Access.READ_ONLY\u0027 does not work with\n \u0027getter-as-setter\u0027 \u0027Collection\u0027s\n + Support \u0027BigInteger\u0027 and \u0027BigDecimal\u0027 creators in\n \u0027StdValueInstantiator\u0027\n + \u0027JsonProperty.Access.READ_ONLY\u0027 fails with collections\n when a property name is specified\n + \u0027BigDecimal\u0027 precision not retained for polymorphic\n deserialization\n + Support use of \u0027Void\u0027 valued properties\n (\u0027MapperFeature.ALLOW_VOID_VALUED_PROPERTIES\u0027)\n + Explicitly fail (de)serialization of \u0027java.time.*\u0027\n types in absence of registered custom (de)serializers\n + Improve description included in by\n \u0027DeserializationContext.handleUnexpectedToken()\u0027\n + Support for JDK 14 record types (\u0027java.lang.Record\u0027)\n + \u0027PropertyNamingStrategy\u0027 class initialization depends\n on its subclass, this can lead to class loading deadlock\n + \u0027FAIL_ON_IGNORED_PROPERTIES\u0027 does not throw on\n \u0027READONLY\u0027 properties with an explicit name\n + Add Gradle Module Metadata for version alignment with\n Gradle 6\n + Allow \u0027JsonNode\u0027 auto-convert into \u0027ArrayNode\u0027 if\n duplicates found (for XML)\n + Allow values of \u0027untyped\u0027 auto-convert into \u0027List\u0027 if\n duplicates found (for XML)\n + Add \u0027ValueInstantiator.createContextual(...)\n + Support multiple names in \u0027JsonSubType.Type\u0027\n + Disabling \u0027FAIL_ON_INVALID_SUBTYPE\u0027 breaks polymorphic\n deserialization of Enums\n + Explicitly fail (de)serialization of \u0027org.joda.time.*\u0027\n types in absence of registered custom (de)serializers\n + Trailing zeros are stripped when deserializing\n BigDecimal values inside a @JsonUnwrapped property\n + Extract getter/setter/field name mangling from\n \u0027BeanUtil\u0027 into pluggable \u0027AccessorNamingStrategy\u0027\n + Throw \u0027InvalidFormatException\u0027 instead of\n \u0027MismatchedInputException\u0027 for ACCEPT_FLOAT_AS_INT coercion\n failures\n + Add \u0027@JsonKey\u0027 annotation (similar to \u0027@JsonValue\u0027) for\n customizable serialization of Map keys\n + \u0027MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS\u0027 should\n work for enum as keys\n + Add support for disabling special handling of \u0027Creator\n properties\u0027 wrt alphabetic property ordering\n + Add \u0027JsonNode.canConvertToExactIntegral()\u0027 to indicate\n whether floating-point/BigDecimal values could be converted to\n integers losslessly\n + Improve static factory method generic type resolution\n logic\n + Allow preventing \u0027Enum from integer\u0027 coercion using new\n \u0027CoercionConfig\u0027 system\n + \u0027@JsonValue\u0027 not considered when evaluating inclusion\n + Make some java platform modules optional\n + Add support for serializing \u0027java.sql.Blob\u0027\n + \u0027AnnotatedCreatorCollector\u0027 should avoid processing\n synthetic static (factory) methods\n + Add errorprone static analysis profile to detect bugs at build time\n + Problem with implicit creator name detection for constructor detection\n + Add \u0027BeanDeserializerBase.isCaseInsensitive()\u0027\n + Refactoring of \u0027CollectionDeserializer\u0027 to solve CSV array handling issues\n + Full \u0027LICENSE\u0027 included in jar for easier access by compliancy tools\n + Fix type resolution for static methods (regression in 2.11.3)\n + \u0027@JsonCreator\u0027 on constructor not compatible with \u0027@JsonIdentityInfo\u0027, \n \u0027PropertyGenerator\u0027\n + Add debug improvements about \u0027ClassUtil.getClassMethods()\u0027\n + Cannot detect creator arguments of mixins for JDK types\n + Add \u0027JsonFormat.Shape\u0027 awareness for UUID serialization (\u0027UUIDSerializer\u0027)\n + Json serialization fails or a specific case that\n contains generics and static methods with generic parameters\n (2.11.1 -\u003e 2.11.2 regression)\n + \u0027ObjectMapper.activateDefaultTypingAsProperty()\u0027 is not\n using parameter \u0027PolymorphicTypeValidator\u0027\n + Problem deserialization \u0027raw generic\u0027 fields\n (like \u0027Map\u0027) in 2.11.2\n + Fix issues with \u0027MapLikeType.isTrueMapType()\u0027,\n \u0027CollectionLikeType.isTrueCollectionType()\u0027\n + Parser/Generator features not set when using\n \u0027ObjectMapper.createParser()\u0027, \u0027createGenerator()\u0027\n + Polymorphic subtypes not registering on copied\n ObjectMapper (2.11.1)\n + Failure to read AnnotatedField value in Jackson 2.11\n + \u0027TypeFactory.constructType()\u0027 does not take\n \u0027TypeBindings\u0027 correctly\n + Builder Deserialization with JsonCreator Value vs Array\n + JsonCreator on static method in Enum and Enum used as\n key in map fails randomly\n + \u0027StdSubtypeResolver\u0027 is not thread safe (possibly due\n to copy not being made with \u0027ObjectMapper.copy()\u0027)\n + \u0027Conflicting setter definitions for property\u0027 exception\n for \u0027Map\u0027 subtype during deserialization\n + Fail to deserialize local Records\n + Rearranging of props when property-based generator is\n in use leads to incorrect output\n + Jackson doesn\u0027t respect\n \u0027CAN_OVERRIDE_ACCESS_MODIFIERS=false\u0027 for deserializer\n properties\n + \u0027DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS\u0027\n don\u0027t support \u0027Map\u0027 type field\n + JsonParser from MismatchedInputException cannot\n getText() for floating-point value\n + i-I case conversion problem in Turkish locale with\n case-insensitive deserialization\n + \u0027@JsonInject\u0027 fails on trying to find deserializer even\n if inject-only\n + Polymorphic deserialization should handle\n case-insensitive Type Id property name if\n \u0027MapperFeature.ACCEPT_CASE_INSENSITIVE_PROPERTIES\u0027 is enabled\n + TreeTraversingParser and UTF8StreamJsonParser create\n contexts differently\n + Support use of \u0027@JsonAlias\u0027 for enum values\n + \u0027declaringClass\u0027 of \u0027enum-as-POJO\u0027 not removed for\n \u0027ObjectMapper\u0027 with a naming strategy\n + Fix \u0027JavaType.isEnumType()\u0027 to support sub-classes\n + BeanDeserializerBuilder Protected Factory Method for Extension\n + Support \u0027@JsonSerialize(keyUsing)\u0027 and\n \u0027@JsonDeserialize(keyUsing)\u0027 on Key class\n + Add \u0027SerializationFeature.WRITE_SELF_REFERENCES_AS_NULL\u0027\n + \u0027ObjectMapper.registerSubtypes(NamedType...)\u0027 doesn\u0027t\n allow registering same POJO for two different type ids\n + \u0027DeserializationContext.handleMissingInstantiator()\u0027\n throws \u0027MismatchedInputException\u0027 for non-static inner classes\n + Incorrect \u0027JsonStreamContext\u0027 for \u0027TokenBuffer\u0027 and\n \u0027TreeTraversingParser\u0027\n + Add \u0027AnnotationIntrospector.findRenameByField()\u0027 to\n support Kotlin\u0027s \u0027is-getter\u0027 naming convention\n + Use \u0027@JsonProperty(index)\u0027 for sorting properties on\n serialization\n + Java 8 \u0027Optional\u0027 not working with \u0027@JsonUnwrapped\u0027 on\n unwrappable type\n + Add \u0027MapperFeature.BLOCK_UNSAFE_POLYMORPHIC_BASE_TYPES\u0027\n to allow blocking use of unsafe base type for polymorphic\n deserialization\n + \u0027ObjectMapper.setSerializationInclusion()\u0027 is ignored\n for \u0027JsonAnyGetter\u0027\n + \u0027ValueInstantiationException\u0027 when deserializing using\n a builder and \u0027UNWRAP_SINGLE_VALUE_ARRAYS\u0027\n + JsonIgnoreProperties(ignoreUnknown = true) does not\n work on field and method level\n + Failure to resolve generic type parameters on\n serialization\n + JsonParser cannot getText() for input stream on\n MismatchedInputException\n + ObjectReader readValue lacks Class\u003cT\u003e argument\n + Change default textual serialization of\n \u0027java.util.Date\u0027/\u0027Calendar\u0027 to include colon in timezone\n offset\n + Add \u0027ObjectMapper.createParser()\u0027 and \u0027createGenerator()\u0027 methods\n + Allow serialization of \u0027Properties\u0027 with non-String values\n + Add new factory method for creating custom \u0027EnumValues\u0027\n to pass to \u0027EnumDeserializer\n + \u0027IllegalArgumentException\u0027 thrown for mismatched\n subclass deserialization\n + Add convenience methods for creating \u0027List\u0027, \u0027Map\u0027\n valued \u0027ObjectReader\u0027s (ObjectMapper.readerForListOf())\n + \u0027SerializerProvider.findContentValueSerializer()\u0027 methods\n \njackson-dataformats-binary - update from version 2.10.1 to version 2.13.0:\n \n + (cbor) Should validate UTF-8 multi-byte validity for short decode path too\n + (ion) Deprecate \u0027CloseSafeUTF8Writer\u0027, remove use\n + (smile) Make \u0027SmileFactory\u0027 support \u0027JsonFactory.Feature.CANONICALIZE_FIELD_NAMES\u0027\n + (cbor) Make \u0027CBORFactory\u0027 support \u0027JsonFactory.Feature.CANONICALIZE_FIELD_NAMES\u0027\n + (cbor) Handle case of BigDecimal with Integer.MIN_VALUE for scale gracefully\n + (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)\n + (cbor) Another uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)\n + (smile) Add \u0027SmileGenerator.Feature.LENIENT_UTF_ENCODING\u0027 for lenient\n handling of broken Unicode surrogate pairs on writing\n + (avro) Add \u0027logicalType\u0027 support for some \u0027java.time\u0027 types; add \u0027AvroJavaTimeModule\u0027\n for native ser/deser\n + Support base64 strings in \u0027getBinaryValue()\u0027 for CBOR and Smile\n + (cbor) \u0027ArrayIndexOutOfBounds\u0027 for truncated UTF-8 name\n + (avro) Generate logicalType switch\n + (smile) \u0027ArrayIndexOutOfBounds\u0027 for truncated UTF-8 name\n + (ion) \u0027jackson-dataformat-ion\u0027 does not handle\n null.struct deserialization correctly\n + \u0027Ion-java\u0027 dep 1.4.0 -\u003e 1.8.0\n + Minor change to Ion module registration names (fully-qualified)\n + (cbor) Uncaught exception in CBORParser._nextChunkedByte2 (by ossfuzzer)\n + (cbor) Uncaught exception in CBORParser._findDecodedFromSymbols() (by ossfuzzer)\n + (smile) Uncaught validation problem wrt Smile \u0027BigDecimal\u0027 type\n + (smile) ArrayIndexOutOfBoundsException for malformed Smile header\n + (cbor) Failed to handle case of alleged String with length of Integer.MAX_VALUE\n + (smile) Allocate byte[] lazily for longer Smile binary data payloads\n + (cbor) CBORParser need to validate zero-length byte[] for BigInteger\n + (smile) Handle invalid chunked-binary-format length gracefully\n + (smile) Allocate byte[] lazily for longer Smile binary data payloads (7-bit encoded)\n + (smile) ArrayIndexOutOfBoundsException in SmileParser._decodeShortUnicodeValue()\n + (smile) Handle sequence of Smile header markers without recursion\n + (cbor) CBOR loses \u0027Map\u0027 entries with specific \u0027long\u0027 Map key values (32-bit boundary)\n + (ion) Ion Polymorphic deserialization in 2.12 breaks wrt use of Native Type Ids \n when upgrading from 2.8\n + (cbor) \u0027ArrayIndexOutOfBoundsException\u0027 in \u0027CBORParser\u0027 for invalid UTF-8 String\n + (cbor) Handle invalid CBOR content like \u0027[0x84]\u0027 (incomplete array)\n + (ion) Respect \u0027WRITE_ENUMS_USING_TO_STRING\u0027 in \u0027EnumAsIonSymbolSerializer\u0027\n + (ion) Add support for generating IonSexps\n + (ion) Add support for deserializing IonTimestamps and IonBlobs\n + (ion) Add \u0027IonObjectMapper.builderForBinaryWriters()\u0027 /\n \u0027.builderforTextualWriters()\u0027 convenience methods\n + (ion) Enabling pretty-printing fails Ion serialization\n + (ion) Allow disabling native type ids in IonMapper\n + (smile) Small bug in byte-alignment for long field names\n in Smile, symbol table reuse\n + (ion) Add \u0027IonFactory.getIonSystem()\u0027 accessor\n + (ion) Optimize \u0027IonParser.getNumberType()\u0027 using\n \u0027IonReader.getIntegerSize()\u0027\n + (cbor) Add \u0027CBORGenerator.Feature.LENIENT_UTF_ENCODING\u0027\n for lenient handling of Unicode surrogate pairs on writing\n + (cbor) Add support for decoding unassigned \u0027simple\n values\u0027 (type 7)\n + Add Gradle Module Metadata\n (https://blog.gradle.org/alignment-with-gradle-module-metadata)\n + (avro) Cache record names to avoid hitting class loader\n + (avro) Avro null deserialization\n + (ion) Add \u0027IonFactory.getIonSystem()\u0027 accessor\n + (avro) Add \u0027AvroGenerator.canWriteBinaryNatively()\u0027 to\n support binary writes, fix \u0027java.util.UUID\u0027 representation\n + (ion) Allow \u0027IonObjectMapper\u0027 with class name annotation\n introspector to deserialize generic subtypes\n + Remove dependencies upon Jackson 1.X and Avro\u0027s\n JacksonUtils\n + \u0027jackson-databind\u0027 should not be full dependency for\n (cbor, protobuf, smile) modules\n + \u0027CBORGenerator.Feature.WRITE_MINIMAL_INTS\u0027 does not\n write most compact form for all integers\n + \u0027AvroGenerator\u0027 overrides \u0027getOutputContext()\u0027 properly\n + (ion) Add \u0027IonFactory.getIonSystem()\u0027 accessor\n + (avro) Fix schema evolution involving maps of non-scalar\n + (protobuf) Parsing a protobuf message doesn\u0027t properly skip unknown fields\n + (ion) IonObjectMapper close()s the provided IonWriter unnecessarily\n + ion-java dependency 1.4.0 -\u003e 1.5.1 \n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-1678,SUSE-SLE-Module-Basesystem-15-SP3-2022-1678,SUSE-SLE-Module-Basesystem-15-SP4-2022-1678,SUSE-SLE-Module-Development-Tools-15-SP3-2022-1678,SUSE-SLE-Module-Development-Tools-15-SP4-2022-1678,SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-1678,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1678,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1678,SUSE-SLE-Product-RT-15-SP2-2022-1678,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1678,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1678,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1678,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1678,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1678,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1678,SUSE-Storage-7-2022-1678,openSUSE-SLE-15.3-2022-1678,openSUSE-SLE-15.4-2022-1678",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1678-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:1678-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221678-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:1678-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011022.html"
},
{
"category": "self",
"summary": "SUSE Bug 1177616",
"url": "https://bugzilla.suse.com/1177616"
},
{
"category": "self",
"summary": "SUSE Bug 1182481",
"url": "https://bugzilla.suse.com/1182481"
},
{
"category": "self",
"summary": "SUSE Bug 1197132",
"url": "https://bugzilla.suse.com/1197132"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25649 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25649/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28491 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-36518 page",
"url": "https://www.suse.com/security/cve/CVE-2020-36518/"
}
],
"title": "Security update for jackson-databind, jackson-dataformats-binary, jackson-annotations, jackson-bom, jackson-core",
"tracking": {
"current_release_date": "2022-05-16T08:19:25Z",
"generator": {
"date": "2022-05-16T08:19:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:1678-1",
"initial_release_date": "2022-05-16T08:19:25Z",
"revision_history": [
{
"date": "2022-05-16T08:19:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "jackson-annotations-2.13.0-150200.3.6.1.noarch",
"product": {
"name": "jackson-annotations-2.13.0-150200.3.6.1.noarch",
"product_id": "jackson-annotations-2.13.0-150200.3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"product": {
"name": "jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"product_id": "jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "jackson-bom-2.13.0-150200.3.3.1.noarch",
"product": {
"name": "jackson-bom-2.13.0-150200.3.3.1.noarch",
"product_id": "jackson-bom-2.13.0-150200.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "jackson-core-2.13.0-150200.3.6.1.noarch",
"product": {
"name": "jackson-core-2.13.0-150200.3.6.1.noarch",
"product_id": "jackson-core-2.13.0-150200.3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"product": {
"name": "jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"product_id": "jackson-core-javadoc-2.13.0-150200.3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "jackson-databind-2.13.0-150200.3.9.1.noarch",
"product": {
"name": "jackson-databind-2.13.0-150200.3.9.1.noarch",
"product_id": "jackson-databind-2.13.0-150200.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"product": {
"name": "jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"product_id": "jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch"
}
},
{
"category": "product_version",
"name": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"product": {
"name": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"product_id": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch"
}
},
{
"category": "product_version",
"name": "jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"product": {
"name": "jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"product_id": "jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch"
}
},
{
"category": "product_version",
"name": "jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"product": {
"name": "jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"product_id": "jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch"
}
},
{
"category": "product_version",
"name": "jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch",
"product": {
"name": "jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch",
"product_id": "jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Real Time 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Real Time 15 SP2",
"product_id": "SUSE Linux Enterprise Real Time 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_rt:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-annotations-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-core-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-javadoc-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch"
},
"product_reference": "jackson-databind-2.13.0-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch"
},
"product_reference": "jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-annotations-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-core-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch"
},
"product_reference": "jackson-databind-2.13.0-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-annotations-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-core-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch"
},
"product_reference": "jackson-databind-2.13.0-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-annotations-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-core-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch"
},
"product_reference": "jackson-databind-2.13.0-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-annotations-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-core-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch"
},
"product_reference": "jackson-databind-2.13.0-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Real Time 15 SP2",
"product_id": "SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-annotations-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Real Time 15 SP2",
"product_id": "SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-core-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise Real Time 15 SP2",
"product_id": "SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch"
},
"product_reference": "jackson-databind-2.13.0-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Linux Enterprise Real Time 15 SP2",
"product_id": "SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-annotations-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-core-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch"
},
"product_reference": "jackson-databind-2.13.0-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-annotations-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-core-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch"
},
"product_reference": "jackson-databind-2.13.0-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-annotations-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-core-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch"
},
"product_reference": "jackson-databind-2.13.0-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-annotations-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-core-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch"
},
"product_reference": "jackson-databind-2.13.0-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-annotations-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-core-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch"
},
"product_reference": "jackson-databind-2.13.0-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-annotations-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-core-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch"
},
"product_reference": "jackson-databind-2.13.0-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-annotations-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-2.13.0-150200.3.6.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-core-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.0-150200.3.9.1.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch"
},
"product_reference": "jackson-databind-2.13.0-150200.3.9.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-annotations-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-2.13.0-150200.3.3.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch"
},
"product_reference": "jackson-bom-2.13.0-150200.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-2.13.0-150200.3.6.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-core-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-javadoc-2.13.0-150200.3.6.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.0-150200.3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch"
},
"product_reference": "jackson-databind-2.13.0-150200.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch"
},
"product_reference": "jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-2.13.0-150200.3.6.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-annotations-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-bom-2.13.0-150200.3.3.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch"
},
"product_reference": "jackson-bom-2.13.0-150200.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-2.13.0-150200.3.6.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-core-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-core-javadoc-2.13.0-150200.3.6.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch"
},
"product_reference": "jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-2.13.0-150200.3.9.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch"
},
"product_reference": "jackson-databind-2.13.0-150200.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch"
},
"product_reference": "jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch"
},
"product_reference": "jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-25649",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25649"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch",
"openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch",
"openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25649",
"url": "https://www.suse.com/security/cve/CVE-2020-25649"
},
{
"category": "external",
"summary": "SUSE Bug 1177616 for CVE-2020-25649",
"url": "https://bugzilla.suse.com/1177616"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch",
"openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch",
"openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch",
"openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch",
"openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-16T08:19:25Z",
"details": "moderate"
}
],
"title": "CVE-2020-25649"
},
{
"cve": "CVE-2020-28491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28491"
}
],
"notes": [
{
"category": "general",
"text": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch",
"openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch",
"openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28491",
"url": "https://www.suse.com/security/cve/CVE-2020-28491"
},
{
"category": "external",
"summary": "SUSE Bug 1182481 for CVE-2020-28491",
"url": "https://bugzilla.suse.com/1182481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch",
"openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch",
"openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch",
"openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch",
"openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-16T08:19:25Z",
"details": "important"
}
],
"title": "CVE-2020-28491"
},
{
"cve": "CVE-2020-36518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-36518"
}
],
"notes": [
{
"category": "general",
"text": "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch",
"openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch",
"openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-36518",
"url": "https://www.suse.com/security/cve/CVE-2020-36518"
},
{
"category": "external",
"summary": "SUSE Bug 1197132 for CVE-2020-36518",
"url": "https://bugzilla.suse.com/1197132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch",
"openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch",
"openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Enterprise Storage 7:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Enterprise Storage 7:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Enterprise Storage 7:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Real Time 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-BCL:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Proxy 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Proxy 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Proxy 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Proxy 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Retail Branch Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"SUSE Manager Server 4.1:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Server 4.1:jackson-core-2.13.0-150200.3.6.1.noarch",
"SUSE Manager Server 4.1:jackson-databind-2.13.0-150200.3.9.1.noarch",
"SUSE Manager Server 4.1:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-bom-2.13.0-150200.3.3.1.noarch",
"openSUSE Leap 15.3:jackson-core-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.3:jackson-databind-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.3:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.3:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.3:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-annotations-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-annotations-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-bom-2.13.0-150200.3.3.1.noarch",
"openSUSE Leap 15.4:jackson-core-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-core-javadoc-2.13.0-150200.3.6.1.noarch",
"openSUSE Leap 15.4:jackson-databind-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.4:jackson-databind-javadoc-2.13.0-150200.3.9.1.noarch",
"openSUSE Leap 15.4:jackson-dataformat-cbor-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformat-smile-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformats-binary-2.13.0-150200.3.3.3.noarch",
"openSUSE Leap 15.4:jackson-dataformats-binary-javadoc-2.13.0-150200.3.3.3.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-05-16T08:19:25Z",
"details": "important"
}
],
"title": "CVE-2020-36518"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…