CVE-2021-21409 (GCVE-0-2021-21409)
Vulnerability from cvelistv5 – Published: 2021-03-30 15:05 – Updated: 2024-08-03 18:09
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:16.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
},
{
"name": "DSA-4885",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] ayushmantri opened a new pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Updated] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] arshadmohammad commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch master updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Resolved] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] asfgit closed pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] 01/02: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210409 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari opened a new pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari commented on pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210420 [GitHub] [pulsar] eolivelli merged pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[flink-issues] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[kafka-jira] 20210506 [GitHub] [kafka] dongjinleekr opened a new pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[flink-issues] 20210511 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210517 [jira] [Updated] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210517 [GitHub] [zookeeper] gpiyush-dev opened a new pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210521 [GitHub] [zookeeper] maoling commented on pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[flink-issues] 20210610 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210618 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"name": "[zookeeper-issues] 20210727 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210727 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210727 [GitHub] [zookeeper] sandipbhattacharya commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[kudu-issues] 20210904 [jira] [Created] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210904 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Resolved] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Commented] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210922 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Assigned] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Updated] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210924 [jira] [Resolved] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210924 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4385. Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[pulsar-commits] 20211020 [GitHub] [pulsar] Shoothzj opened a new pull request #12437: [Security] Bump grpc to 1.41.0",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "netty",
"vendor": "netty",
"versions": [
{
"status": "affected",
"version": "\u003c 4.1.61.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:24:02.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
},
{
"name": "DSA-4885",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] ayushmantri opened a new pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Updated] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] arshadmohammad commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch master updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Resolved] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] asfgit closed pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] 01/02: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210409 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari opened a new pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari commented on pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210420 [GitHub] [pulsar] eolivelli merged pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[flink-issues] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[kafka-jira] 20210506 [GitHub] [kafka] dongjinleekr opened a new pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3Cjira.kafka.apache.org%3E"
},
{
"name": "[flink-issues] 20210511 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210517 [jira] [Updated] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210517 [GitHub] [zookeeper] gpiyush-dev opened a new pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210521 [GitHub] [zookeeper] maoling commented on pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[flink-issues] 20210610 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210618 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"name": "[zookeeper-issues] 20210727 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210727 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210727 [GitHub] [zookeeper] sandipbhattacharya commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[kudu-issues] 20210904 [jira] [Created] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210904 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Resolved] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Commented] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210922 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Assigned] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Updated] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210924 [jira] [Resolved] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210924 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4385. Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[pulsar-commits] 20211020 [GitHub] [pulsar] Shoothzj opened a new pull request #12437: [Security] Bump grpc to 1.41.0",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"source": {
"advisory": "GHSA-f256-j965-7f32",
"discovery": "UNKNOWN"
},
"title": "Possible request smuggling in HTTP/2 due missing validation of content-length",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21409",
"STATE": "PUBLIC",
"TITLE": "Possible request smuggling in HTTP/2 due missing validation of content-length"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "netty",
"version": {
"version_data": [
{
"version_value": "\u003c 4.1.61.Final"
}
]
}
}
]
},
"vendor_name": "netty"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
"refsource": "CONFIRM",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
},
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
"refsource": "MISC",
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
},
{
"name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295",
"refsource": "MISC",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"
},
{
"name": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432",
"refsource": "MISC",
"url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
},
{
"name": "DSA-4885",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] ayushmantri opened a new pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Updated] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] arshadmohammad commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch master updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Resolved] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] asfgit closed pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] 01/02: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210409 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari opened a new pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari commented on pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210420 [GitHub] [pulsar] eolivelli merged pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[flink-issues] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898@%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324@%3Cissues.flink.apache.org%3E"
},
{
"name": "[kafka-jira] 20210506 [GitHub] [kafka] dongjinleekr opened a new pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[flink-issues] 20210511 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e@%3Cissues.flink.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210517 [jira] [Updated] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210517 [GitHub] [zookeeper] gpiyush-dev opened a new pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210521 [GitHub] [zookeeper] maoling commented on pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[flink-issues] 20210610 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210618 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5@%3Cissues.flink.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210604-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"name": "[zookeeper-issues] 20210727 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210727 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210727 [GitHub] [zookeeper] sandipbhattacharya commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[kudu-issues] 20210904 [jira] [Created] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210904 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Resolved] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Commented] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210922 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Assigned] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Updated] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210924 [jira] [Resolved] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210924 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4385. Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[pulsar-commits] 20211020 [GitHub] [pulsar] Shoothzj opened a new pull request #12437: [Security] Bump grpc to 1.41.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
},
"source": {
"advisory": "GHSA-f256-j965-7f32",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21409",
"datePublished": "2021-03-30T15:05:17.000Z",
"dateReserved": "2020-12-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:09:16.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-21409",
"date": "2026-05-29",
"epss": "0.02547",
"percentile": "0.85726"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-21409\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-03-30T15:15:14.573\",\"lastModified\":\"2024-11-21T05:48:17.963\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.\"},{\"lang\":\"es\",\"value\":\"Netty es un framework de aplicaci\u00f3n de red de c\u00f3digo abierto y as\u00edncrono event-driven para el desarrollo r\u00e1pido de servidores y clientes de protocolo de alto rendimiento mantenibles.\u0026#xa0;En Netty (io.netty:netty-codec-http2) versiones anteriores a 4.1.61.Final se presenta una vulnerabilidad que permite el trafico no autorizado de peticiones.\u0026#xa0;El encabezado content-length no es comprobado correctamente si la petici\u00f3n solo usa un \u00fanico Http2HeaderFrame con endStream establecido en verdadero.\u0026#xa0;Esto podr\u00eda conllevar al trafico no autorizado de peticiones si la petici\u00f3n se env\u00eda a un peer remoto y se traduce a HTTP/1.1.\u0026#xa0;Este es un seguimiento de GHSA-wm47-8v5p-wjpj/CVE-2021-21295 que no pudo solucionar este caso.\u0026#xa0;Esto se corrigi\u00f3 como parte de la versi\u00f3n 
4.1.61.Final.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"
cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.61\",\"matchCriteriaId\":\"BC283248-0EB5-46CA-A68C-4FF004D606F8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EC98B22-FFAA-4B59-8E63-EBAA4336AD13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CF9A061-2421-426D-9854-0A4E55B2961D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F95EDC3D-54BB-48F9-82F2-7CCF335FCA78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B72B735F-4E52-484A-9C2C-23E6E2070385\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B36A1D4-F391-4EE3-9A65-0A10568795BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55116032-AAD1-4FEA-9DA8-2C4CBD3D3F61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0275F820-40BE-47B8-B167-815A55DF578E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_trade_finance_process_management
:14.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E14324D-B9EE-4C06-ACC7-255189ED6300\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBEBB60F-6EAB-4AE5-B777-5044C657FBA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B185C1EA-71E6-4972-8637-08A33CC00841\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FF57C7A-92C9-4D71-A7B1-CC9DEFAA8193\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FA64A1D-34F9-4441-857A-25C165E6DBB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06594847-96ED-4541-B2F4-C7331B603603\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC12B43F-30F6-4B05-AB3A-E91D8404D5A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4479F76A-4B67-41CC-98C7-C76B81050F8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_design_studio:7.4.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"040DA31B-2A0C-46F6-8EDF-9B88F9FB0F48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1214FDF-357A-4BB9-BADE-50FB2BD16D10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:helidon:1.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E7626D2-D9FF-416A-9581-852CED0D8C24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:helidon:2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99344A5D-F4B7-49B4-9AE6-0E2FB3874EA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools
:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.2.6.3\",\"matchCriteriaId\":\"BE34D4F7-5C18-4578-8D0A-722FDF931333\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"21.1.12\",\"matchCriteriaId\":\"7167D144-C4AE-487F-B59A-888E10EA59DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.12.0\",\"versionEndIncluding\":\"17.12.11\",\"matchCriteriaId\":\"8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.8.0\",\"versionEndIncluding\":\"18.8.11\",\"matchCriteriaId\":\"53E2276C-9515-46F6-A621-213A3047B9A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"19.12.0\",\"versionEndIncluding\":\"19.12.10\",\"matchCriteriaId\":\"3EF7E2B4-B741-41E9-8EF6-6C415AB9EF54\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.13.7\",\"matchCriteriaId\":\"64839EBF-078E-492A-897C-9AFFB7678ED8\"}]}]}],\"references\":[{\"url\":\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3
b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"security-advisories@
github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda4
3d32a7d7837187%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3Cjira.kafka.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\
"},{\"url\":\"https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20210604-0003/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4885\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party 
Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://l
ists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r823d4b27
fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b05389
4c5%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3Cjira.kafka.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3Ccommits.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3Cissues.zookeeper.apache.org%3E\",\"
source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3Cdev.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3Cnotifications.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3Ccommits.pulsar.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3Cissues.zookeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20210604-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4885\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
FKIE_CVE-2021-21409
Vulnerability from fkie_nvd - Published: 2021-03-30 15:15 - Updated: 2024-11-21 05:48
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC283248-0EB5-46CA-A68C-4FF004D606F8",
"versionEndExcluding": "4.1.61",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC98B22-FFAA-4B59-8E63-EBAA4336AD13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF9A061-2421-426D-9854-0A4E55B2961D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F95EDC3D-54BB-48F9-82F2-7CCF335FCA78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B72B735F-4E52-484A-9C2C-23E6E2070385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8B36A1D4-F391-4EE3-9A65-0A10568795BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55116032-AAD1-4FEA-9DA8-2C4CBD3D3F61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0275F820-40BE-47B8-B167-815A55DF578E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E14324D-B9EE-4C06-ACC7-255189ED6300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBEBB60F-6EAB-4AE5-B777-5044C657FBA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B185C1EA-71E6-4972-8637-08A33CC00841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF57C7A-92C9-4D71-A7B1-CC9DEFAA8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA64A1D-34F9-4441-857A-25C165E6DBB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "06594847-96ED-4541-B2F4-C7331B603603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC12B43F-30F6-4B05-AB3A-E91D8404D5A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "040DA31B-2A0C-46F6-8EDF-9B88F9FB0F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:helidon:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7626D2-D9FF-416A-9581-852CED0D8C24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:helidon:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "99344A5D-F4B7-49B4-9AE6-0E2FB3874EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE34D4F7-5C18-4578-8D0A-722FDF931333",
"versionEndExcluding": "9.2.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7167D144-C4AE-487F-B59A-888E10EA59DF",
"versionEndExcluding": "21.1.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53E2276C-9515-46F6-A621-213A3047B9A6",
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7E2B4-B741-41E9-8EF6-6C415AB9EF54",
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64839EBF-078E-492A-897C-9AFFB7678ED8",
"versionEndIncluding": "1.13.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final."
},
{
"lang": "es",
"value": "Netty es un framework de aplicaci\u00f3n de red de c\u00f3digo abierto y as\u00edncrono event-driven para el desarrollo r\u00e1pido de servidores y clientes de protocolo de alto rendimiento mantenibles.\u0026#xa0;En Netty (io.netty:netty-codec-http2) versiones anteriores a 4.1.61.Final se presenta una vulnerabilidad que permite el trafico no autorizado de peticiones.\u0026#xa0;El encabezado content-length no es comprobado correctamente si la petici\u00f3n solo usa un \u00fanico Http2HeaderFrame con endStream establecido en verdadero.\u0026#xa0;Esto podr\u00eda conllevar al trafico no autorizado de peticiones si la petici\u00f3n se env\u00eda a un peer remoto y se traduce a HTTP/1.1.\u0026#xa0;Este es un seguimiento de GHSA-wm47-8v5p-wjpj/CVE-2021-21295 que no pudo solucionar este caso.\u0026#xa0;Esto se corrigi\u00f3 como parte de la versi\u00f3n 4.1.61.Final."
}
],
"id": "CVE-2021-21409",
"lastModified": "2024-11-21T05:48:17.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-30T15:15:14.573",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3Cjira.kafka.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-F256-J965-7F32
Vulnerability from github – Published: 2021-03-30 15:10 – Updated: 2022-02-08 21:31
Impact
The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1.
This is a follow-up to https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj, which failed to fix this one case.
Patches
This was fixed as part of 4.1.61.Final.
Workarounds
Users can work around this by validating the header themselves before proxying the request.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty-codec-http2"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.1.61.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c 4.0.0"
},
"package": {
"ecosystem": "Maven",
"name": "org.jboss.netty:netty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c 4.0.0"
},
"package": {
"ecosystem": "Maven",
"name": "io.netty:netty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-21409"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-30T15:03:26Z",
"nvd_published_at": "2021-03-30T15:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe content-length header is not correctly validated if the request only use a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1\n\nThis is a followup of https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj which did miss to fix this one case. \n\n### Patches\nThis was fixed as part of 4.1.61.Final\n\n### Workarounds\nValidation can be done by the user before proxy the request by validating the header.",
"id": "GHSA-f256-j965-7f32",
"modified": "2022-02-08T21:31:25Z",
"published": "2021-03-30T15:10:38Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
},
{
"type": "WEB",
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
},
{
"type": "WEB",
"url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e@%3Ccommits.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101@%3Ccommits.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc@%3Cissues.kudu.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362@%3Cdev.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3@%3Cissues.kudu.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa@%3Cjira.kafka.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575@%3Cdev.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35@%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b@%3Cissues.kudu.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210604-0003"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"type": "WEB",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"
},
{
"type": "PACKAGE",
"url": "https://github.com/netty/netty"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5@%3Ccommits.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d@%3Cissues.kudu.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8@%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355@%3Ccommits.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de@%3Cdev.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed@%3Ccommits.pulsar.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e@%3Cissues.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0@%3Cissues.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2@%3Ccommits.zookeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898@%3Cdev.flink.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb@%3Cissues.kudu.apache.org%3E"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Possible request smuggling in HTTP/2 due missing validation of content-length"
}
GSD-2021-21409
Vulnerability from gsd - Updated: 2023-12-13 01:23
{
"GSD": {
"alias": "CVE-2021-21409",
"description": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.",
"id": "GSD-2021-21409",
"references": [
"https://www.suse.com/security/cve/CVE-2021-21409.html",
"https://www.debian.org/security/2021/dsa-4885",
"https://access.redhat.com/errata/RHSA-2021:5134",
"https://access.redhat.com/errata/RHSA-2021:5129",
"https://access.redhat.com/errata/RHSA-2021:5128",
"https://access.redhat.com/errata/RHSA-2021:5127",
"https://access.redhat.com/errata/RHSA-2021:3880",
"https://access.redhat.com/errata/RHSA-2021:3700",
"https://access.redhat.com/errata/RHSA-2021:3660",
"https://access.redhat.com/errata/RHSA-2021:3658",
"https://access.redhat.com/errata/RHSA-2021:3656",
"https://access.redhat.com/errata/RHSA-2021:3225",
"https://access.redhat.com/errata/RHSA-2021:2965",
"https://access.redhat.com/errata/RHSA-2021:2755",
"https://access.redhat.com/errata/RHSA-2021:2696",
"https://access.redhat.com/errata/RHSA-2021:2694",
"https://access.redhat.com/errata/RHSA-2021:2693",
"https://access.redhat.com/errata/RHSA-2021:2692",
"https://access.redhat.com/errata/RHSA-2021:2689",
"https://access.redhat.com/errata/RHSA-2021:2465",
"https://access.redhat.com/errata/RHSA-2021:2139",
"https://access.redhat.com/errata/RHSA-2021:1511",
"https://advisories.mageia.org/CVE-2021-21409.html",
"https://access.redhat.com/errata/RHSA-2022:5498"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-21409"
],
"details": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.",
"id": "GSD-2021-21409",
"modified": "2023-12-13T01:23:10.813113Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21409",
"STATE": "PUBLIC",
"TITLE": "Possible request smuggling in HTTP/2 due missing validation of content-length"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "netty",
"version": {
"version_data": [
{
"version_value": "\u003c 4.1.61.Final"
}
]
}
}
]
},
"vendor_name": "netty"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
"refsource": "CONFIRM",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
},
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
"refsource": "MISC",
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
},
{
"name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295",
"refsource": "MISC",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"
},
{
"name": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432",
"refsource": "MISC",
"url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
},
{
"name": "DSA-4885",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] ayushmantri opened a new pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Updated] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] arshadmohammad commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch master updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Resolved] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] asfgit closed pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] 01/02: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210409 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari opened a new pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari commented on pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210420 [GitHub] [pulsar] eolivelli merged pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[flink-issues] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898@%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324@%3Cissues.flink.apache.org%3E"
},
{
"name": "[kafka-jira] 20210506 [GitHub] [kafka] dongjinleekr opened a new pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[flink-issues] 20210511 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e@%3Cissues.flink.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210517 [jira] [Updated] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210517 [GitHub] [zookeeper] gpiyush-dev opened a new pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210521 [GitHub] [zookeeper] maoling commented on pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[flink-issues] 20210610 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210618 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5@%3Cissues.flink.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210604-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"name": "[zookeeper-issues] 20210727 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210727 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210727 [GitHub] [zookeeper] sandipbhattacharya commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[kudu-issues] 20210904 [jira] [Created] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210904 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Resolved] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Commented] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210922 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Assigned] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Updated] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210924 [jira] [Resolved] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210924 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4385. Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[pulsar-commits] 20211020 [GitHub] [pulsar] Shoothzj opened a new pull request #12437: [Security] Bump grpc to 1.41.0",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
},
"source": {
"advisory": "GHSA-f256-j965-7f32",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[1.4.10],[2.4.0]",
"affected_versions": "Version 1.4.10, version 2.4.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-444",
"CWE-937"
],
"date": "2022-05-12",
"description": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.",
"fixed_versions": [
"1.4.11",
"2.4.1"
],
"identifier": "CVE-2021-21409",
"identifiers": [
"CVE-2021-21409",
"GHSA-f256-j965-7f32",
"GHSA-wm47-8v5p-wjpj"
],
"not_impacted": "All versions before 1.4.10, all versions after 1.4.10 before 2.4.0, all versions after 2.4.0",
"package_slug": "maven/io.helidon/helidon-dependencies",
"pubdate": "2021-03-30",
"solution": "Upgrade to versions 1.4.11, 2.4.1 or above.",
"title": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-21409",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295",
"https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
"https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
"https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432",
"https://www.debian.org/security/2021/dsa-4885",
"https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de@%3Cdev.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9@%3Cnotifications.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795@%3Cnotifications.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355@%3Ccommits.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101@%3Ccommits.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5@%3Ccommits.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39@%3Cnotifications.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e@%3Ccommits.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35@%3Ccommits.pulsar.apache.org%3E",
"https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8@%3Ccommits.pulsar.apache.org%3E",
"https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed@%3Ccommits.pulsar.apache.org%3E",
"https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898@%3Cdev.flink.apache.org%3E",
"https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa@%3Cjira.kafka.apache.org%3E",
"https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575@%3Cdev.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8@%3Cnotifications.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183@%3Cnotifications.zookeeper.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20210604-0003/",
"https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5@%3Cissues.flink.apache.org%3E",
"https://www.oracle.com//security-alerts/cpujul2021.html",
"https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4@%3Cnotifications.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc@%3Cissues.kudu.apache.org%3E",
"https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3@%3Cissues.kudu.apache.org%3E",
"https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b@%3Cissues.kudu.apache.org%3E",
"https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d@%3Cissues.kudu.apache.org%3E",
"https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb@%3Cissues.kudu.apache.org%3E",
"https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362@%3Cdev.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2@%3Ccommits.zookeeper.apache.org%3E",
"https://www.oracle.com/security-alerts/cpuoct2021.html",
"https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3Ccommits.pulsar.apache.org%3E",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.oracle.com/security-alerts/cpuapr2022.html"
],
"uuid": "9bbef1cf-8d44-41b5-afd8-b3b62c156021"
},
{
"affected_range": "(,4.1.61)",
"affected_versions": "All versions before 4.1.61",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-444",
"CWE-937"
],
"date": "2022-05-12",
"description": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case.",
"fixed_versions": [
"4.1.61.Final"
],
"identifier": "CVE-2021-21409",
"identifiers": [
"CVE-2021-21409",
"GHSA-f256-j965-7f32",
"GHSA-wm47-8v5p-wjpj"
],
"not_impacted": "All versions starting from 4.1.61",
"package_slug": "maven/io.netty/netty-all",
"pubdate": "2021-03-30",
"solution": "Upgrade to version 4.1.61.Final or above.",
"title": "Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
],
"uuid": "e504137b-5028-4a5c-a715-ece83d525533"
},
{
"affected_range": "(,4.1.61)",
"affected_versions": "All versions before 4.1.61",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-444",
"CWE-937"
],
"date": "2022-05-12",
"description": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case.",
"fixed_versions": [
"4.1.61.Final"
],
"identifier": "CVE-2021-21409",
"identifiers": [
"CVE-2021-21409",
"GHSA-f256-j965-7f32",
"GHSA-wm47-8v5p-wjpj"
],
"not_impacted": "All versions starting from 4.1.61",
"package_slug": "maven/io.netty/netty-codec-http",
"pubdate": "2021-03-30",
"solution": "Upgrade to version 4.1.61.Final or above.",
"title": "Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
],
"uuid": "ac1901f1-d807-4fab-aa23-b351c0a76d0a"
},
{
"affected_range": "(,4.1.61)",
"affected_versions": "All versions before 4.1.61",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-444",
"CWE-937"
],
"date": "2022-05-12",
"description": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case.",
"fixed_versions": [
"4.1.61.Final"
],
"identifier": "CVE-2021-21409",
"identifiers": [
"CVE-2021-21409",
"GHSA-f256-j965-7f32",
"GHSA-wm47-8v5p-wjpj"
],
"not_impacted": "All versions starting from 4.1.61",
"package_slug": "maven/io.netty/netty-codec-http2",
"pubdate": "2021-03-30",
"solution": "Upgrade to version 4.1.61.Final or above.",
"title": "Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
],
"uuid": "780377d0-cb88-49bb-b39d-12691a27cd6c"
},
{
"affected_range": "(,4.1.61)",
"affected_versions": "All versions before 4.1.61",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-444",
"CWE-937"
],
"date": "2022-05-12",
"description": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case.",
"fixed_versions": [
"4.1.61.Final"
],
"identifier": "CVE-2021-21409",
"identifiers": [
"CVE-2021-21409",
"GHSA-f256-j965-7f32",
"GHSA-wm47-8v5p-wjpj"
],
"not_impacted": "All versions starting from 4.1.61",
"package_slug": "maven/io.netty/netty-codec",
"pubdate": "2021-03-30",
"solution": "Upgrade to version 4.1.61.Final or above.",
"title": "Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
],
"uuid": "2b720f5a-eb83-4e9f-a564-020d8e7ec270"
},
{
"affected_range": "(,4.1.61)",
"affected_versions": "All versions before 4.1.61",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-444",
"CWE-937"
],
"date": "2022-05-12",
"description": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case.",
"fixed_versions": [
"4.1.61.Final"
],
"identifier": "CVE-2021-21409",
"identifiers": [
"CVE-2021-21409",
"GHSA-f256-j965-7f32",
"GHSA-wm47-8v5p-wjpj"
],
"not_impacted": "All versions starting from 4.1.61",
"package_slug": "maven/io.netty/netty-handler",
"pubdate": "2021-03-30",
"solution": "Upgrade to version 4.1.61.Final or above.",
"title": "Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
],
"uuid": "9dd12012-107b-4744-b4d5-db9b782b9e00"
},
{
"affected_range": "(,4.1.61)",
"affected_versions": "All versions before 4.1.61",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-444",
"CWE-937"
],
"date": "2022-05-12",
"description": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients.",
"fixed_versions": [
"4.1.61"
],
"identifier": "CVE-2021-21409",
"identifiers": [
"CVE-2021-21409",
"GHSA-f256-j965-7f32",
"GHSA-wm47-8v5p-wjpj"
],
"not_impacted": "All versions starting from 4.1.61",
"package_slug": "maven/io.netty/netty",
"pubdate": "2021-03-30",
"solution": "Upgrade to version 4.1.61 or above.",
"title": "Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
],
"uuid": "5097aa6b-ad1c-49ae-8f27-3bf2209cc2c7"
},
{
"affected_range": "[3.5.10]",
"affected_versions": "Version 3.5.10",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-444",
"CWE-937"
],
"date": "2022-02-07",
"description": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (`io.netty:netty-codec-http2`), which is used by zookeeper, there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single `Http2HeaderFrame` with the `endStream` set to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case.",
"fixed_versions": [
"3.6.0"
],
"identifier": "CVE-2021-21409",
"identifiers": [
"CVE-2021-21409",
"GHSA-f256-j965-7f32",
"GHSA-wm47-8v5p-wjpj"
],
"not_impacted": "All versions before 3.5.10, all versions after 3.5.10",
"package_slug": "maven/org.apache.zookeeper/zookeeper",
"pubdate": "2021-03-30",
"solution": "Upgrade to version 3.6.0 or above.",
"title": "Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
],
"uuid": "857f8885-eebf-48ba-a1d2-b71f97ed0f2d"
},
{
"affected_range": "(,4.0.0)",
"affected_versions": "All versions before 4.0.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-444",
"CWE-937"
],
"date": "2023-08-16",
"description": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.",
"fixed_versions": [
"4.0.0"
],
"identifier": "CVE-2021-21409",
"identifiers": [
"GHSA-f256-j965-7f32",
"CVE-2021-21409"
],
"not_impacted": "",
"package_slug": "maven/org.jboss.netty/netty",
"pubdate": "2021-03-30",
"solution": "Upgrade to version 4.0.0 or above.",
"title": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"urls": [
"https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
"https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
"https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295",
"https://nvd.nist.gov/vuln/detail/CVE-2021-21409",
"https://www.debian.org/security/2021/dsa-4885",
"https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de@%3Cdev.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9@%3Cnotifications.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5@%3Ccommits.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795@%3Cnotifications.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355@%3Ccommits.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101@%3Ccommits.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e@%3Ccommits.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39@%3Cnotifications.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8@%3Ccommits.pulsar.apache.org%3E",
"https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35@%3Ccommits.pulsar.apache.org%3E",
"https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed@%3Ccommits.pulsar.apache.org%3E",
"https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898@%3Cdev.flink.apache.org%3E",
"https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa@%3Cjira.kafka.apache.org%3E",
"https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8@%3Cnotifications.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575@%3Cdev.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183@%3Cnotifications.zookeeper.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20210604-0003/",
"https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c@%3Cissues.flink.apache.org%3E",
"https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5@%3Cissues.flink.apache.org%3E",
"https://www.oracle.com//security-alerts/cpujul2021.html",
"https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4@%3Cnotifications.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3@%3Cissues.kudu.apache.org%3E",
"https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc@%3Cissues.kudu.apache.org%3E",
"https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d@%3Cissues.kudu.apache.org%3E",
"https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb@%3Cissues.kudu.apache.org%3E",
"https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b@%3Cissues.kudu.apache.org%3E",
"https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362@%3Cdev.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae@%3Cissues.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2@%3Ccommits.zookeeper.apache.org%3E",
"https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3Ccommits.pulsar.apache.org%3E",
"https://www.oracle.com/security-alerts/cpuoct2021.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://github.com/advisories/GHSA-f256-j965-7f32"
],
"uuid": "67a41cc4-a4b3-4167-bed1-5164f9da9e60"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.61",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_design_studio:7.4.2.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:helidon:1.4.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:helidon:2.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "9.2.6.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.1.12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.13.7",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21409"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"
},
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
},
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
},
{
"name": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
},
{
"name": "DSA-4885",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] ayushmantri opened a new pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Updated] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] arshadmohammad commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch master updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Resolved] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] asfgit closed pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210408 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210408 [zookeeper] 01/02: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210409 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari opened a new pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari commented on pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210420 [GitHub] [pulsar] eolivelli merged pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[flink-dev] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898@%3Cdev.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210426 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324@%3Cissues.flink.apache.org%3E"
},
{
"name": "[kafka-jira] 20210506 [GitHub] [kafka] dongjinleekr opened a new pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa@%3Cjira.kafka.apache.org%3E"
},
{
"name": "[flink-issues] 20210511 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e@%3Cissues.flink.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210517 [jira] [Updated] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210517 [GitHub] [zookeeper] gpiyush-dev opened a new pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210521 [GitHub] [zookeeper] maoling commented on pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210604-0003/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"name": "[flink-issues] 20210610 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-issues] 20210618 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5@%3Cissues.flink.apache.org%3E"
},
{
"name": "N/A",
"refsource": "N/A",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[zookeeper-issues] 20210727 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-notifications] 20210727 [GitHub] [zookeeper] sandipbhattacharya commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210727 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[kudu-issues] 20210904 [jira] [Created] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210904 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Resolved] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[kudu-issues] 20210907 [jira] [Commented] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb@%3Cissues.kudu.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210922 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Updated] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210923 [jira] [Assigned] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20210924 [jira] [Resolved] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20210924 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4385. Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "[pulsar-commits] 20211020 [GitHub] [pulsar] Shoothzj opened a new pull request #12437: [Security] Bump grpc to 1.41.0",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-05-12T14:35Z",
"publishedDate": "2021-03-30T15:15Z"
}
}
}
OPENSUSE-SU-2024:14442-1
Vulnerability from csaf_opensuse - Published: 2024-10-30 00:00 - Updated: 2024-10-30 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.114-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64 | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "netty-4.1.114-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the netty-4.1.114-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14442",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14442-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:14442-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TNFN6MBU4SQLAGX7GNFLRGTPGY3IBHZG/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:14442-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TNFN6MBU4SQLAGX7GNFLRGTPGY3IBHZG/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21409 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21409/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37136 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37137 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37137/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24823 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-41881 page",
"url": "https://www.suse.com/security/cve/CVE-2022-41881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-41915 page",
"url": "https://www.suse.com/security/cve/CVE-2022-41915/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-34462 page",
"url": "https://www.suse.com/security/cve/CVE-2023-34462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-44487 page",
"url": "https://www.suse.com/security/cve/CVE-2023-44487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-29025 page",
"url": "https://www.suse.com/security/cve/CVE-2024-29025/"
}
],
"title": "netty-4.1.114-1.1 on GA media",
"tracking": {
"current_release_date": "2024-10-30T00:00:00Z",
"generator": {
"date": "2024-10-30T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14442-1",
"initial_release_date": "2024-10-30T00:00:00Z",
"revision_history": [
{
"date": "2024-10-30T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.114-1.1.aarch64",
"product": {
"name": "netty-4.1.114-1.1.aarch64",
"product_id": "netty-4.1.114-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.114-1.1.aarch64",
"product": {
"name": "netty-javadoc-4.1.114-1.1.aarch64",
"product_id": "netty-javadoc-4.1.114-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-poms-4.1.114-1.1.aarch64",
"product": {
"name": "netty-poms-4.1.114-1.1.aarch64",
"product_id": "netty-poms-4.1.114-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.114-1.1.ppc64le",
"product": {
"name": "netty-4.1.114-1.1.ppc64le",
"product_id": "netty-4.1.114-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.114-1.1.ppc64le",
"product": {
"name": "netty-javadoc-4.1.114-1.1.ppc64le",
"product_id": "netty-javadoc-4.1.114-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-poms-4.1.114-1.1.ppc64le",
"product": {
"name": "netty-poms-4.1.114-1.1.ppc64le",
"product_id": "netty-poms-4.1.114-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.114-1.1.s390x",
"product": {
"name": "netty-4.1.114-1.1.s390x",
"product_id": "netty-4.1.114-1.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.114-1.1.s390x",
"product": {
"name": "netty-javadoc-4.1.114-1.1.s390x",
"product_id": "netty-javadoc-4.1.114-1.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-poms-4.1.114-1.1.s390x",
"product": {
"name": "netty-poms-4.1.114-1.1.s390x",
"product_id": "netty-poms-4.1.114-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.114-1.1.x86_64",
"product": {
"name": "netty-4.1.114-1.1.x86_64",
"product_id": "netty-4.1.114-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.114-1.1.x86_64",
"product": {
"name": "netty-javadoc-4.1.114-1.1.x86_64",
"product_id": "netty-javadoc-4.1.114-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-poms-4.1.114-1.1.x86_64",
"product": {
"name": "netty-poms-4.1.114-1.1.x86_64",
"product_id": "netty-poms-4.1.114-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.114-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64"
},
"product_reference": "netty-4.1.114-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.114-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le"
},
"product_reference": "netty-4.1.114-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.114-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.114-1.1.s390x"
},
"product_reference": "netty-4.1.114-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.114-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64"
},
"product_reference": "netty-4.1.114-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.114-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64"
},
"product_reference": "netty-javadoc-4.1.114-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.114-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le"
},
"product_reference": "netty-javadoc-4.1.114-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.114-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x"
},
"product_reference": "netty-javadoc-4.1.114-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.114-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64"
},
"product_reference": "netty-javadoc-4.1.114-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-poms-4.1.114-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64"
},
"product_reference": "netty-poms-4.1.114-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-poms-4.1.114-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le"
},
"product_reference": "netty-poms-4.1.114-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-poms-4.1.114-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x"
},
"product_reference": "netty-poms-4.1.114-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-poms-4.1.114-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
},
"product_reference": "netty-poms-4.1.114-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-21409",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21409"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21409",
"url": "https://www.suse.com/security/cve/CVE-2021-21409"
},
{
"category": "external",
"summary": "SUSE Bug 1184203 for CVE-2021-21409",
"url": "https://bugzilla.suse.com/1184203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-30T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-21409"
},
{
"cve": "CVE-2021-37136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37136"
}
],
"notes": [
{
"category": "general",
"text": "The Bzip2 decompression decoder function doesn\u0027t allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37136",
"url": "https://www.suse.com/security/cve/CVE-2021-37136"
},
{
"category": "external",
"summary": "SUSE Bug 1190610 for CVE-2021-37136",
"url": "https://bugzilla.suse.com/1190610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-30T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-37136"
},
{
"cve": "CVE-2021-37137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37137"
}
],
"notes": [
{
"category": "general",
"text": "The Snappy frame decoder function doesn\u0027t restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37137",
"url": "https://www.suse.com/security/cve/CVE-2021-37137"
},
{
"category": "external",
"summary": "SUSE Bug 1190613 for CVE-2021-37137",
"url": "https://bugzilla.suse.com/1190613"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-30T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-37137"
},
{
"cve": "CVE-2022-24823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24823"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty\u0027s multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one\u0027s own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24823",
"url": "https://www.suse.com/security/cve/CVE-2022-24823"
},
{
"category": "external",
"summary": "SUSE Bug 1199338 for CVE-2022-24823",
"url": "https://bugzilla.suse.com/1199338"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-30T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-24823"
},
{
"cve": "CVE-2022-41881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-41881"
}
],
"notes": [
{
"category": "general",
"text": "Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-41881",
"url": "https://www.suse.com/security/cve/CVE-2022-41881"
},
{
"category": "external",
"summary": "SUSE Bug 1206360 for CVE-2022-41881",
"url": "https://bugzilla.suse.com/1206360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-30T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-41881"
},
{
"cve": "CVE-2022-41915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-41915"
}
],
"notes": [
{
"category": "general",
"text": "Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeaders.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator\u003c?\u003e)` call, into a `remove()` call, and call `add()` in a loop over the iterator of values.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-41915",
"url": "https://www.suse.com/security/cve/CVE-2022-41915"
},
{
"category": "external",
"summary": "SUSE Bug 1206379 for CVE-2022-41915",
"url": "https://bugzilla.suse.com/1206379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-30T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-41915"
},
{
"cve": "CVE-2023-34462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-34462"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-34462",
"url": "https://www.suse.com/security/cve/CVE-2023-34462"
},
{
"category": "external",
"summary": "SUSE Bug 1212637 for CVE-2023-34462",
"url": "https://bugzilla.suse.com/1212637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-30T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-34462"
},
{
"cve": "CVE-2023-44487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-44487"
}
],
"notes": [
{
"category": "general",
"text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-44487",
"url": "https://www.suse.com/security/cve/CVE-2023-44487"
},
{
"category": "external",
"summary": "SUSE Bug 1216109 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216109"
},
{
"category": "external",
"summary": "SUSE Bug 1216123 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216123"
},
{
"category": "external",
"summary": "SUSE Bug 1216169 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216169"
},
{
"category": "external",
"summary": "SUSE Bug 1216171 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216171"
},
{
"category": "external",
"summary": "SUSE Bug 1216174 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216174"
},
{
"category": "external",
"summary": "SUSE Bug 1216176 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216176"
},
{
"category": "external",
"summary": "SUSE Bug 1216181 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216181"
},
{
"category": "external",
"summary": "SUSE Bug 1216182 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216182"
},
{
"category": "external",
"summary": "SUSE Bug 1216190 for CVE-2023-44487",
"url": "https://bugzilla.suse.com/1216190"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-30T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-44487"
},
{
"cve": "CVE-2024-29025",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-29025"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-29025",
"url": "https://www.suse.com/security/cve/CVE-2024-29025"
},
{
"category": "external",
"summary": "SUSE Bug 1222045 for CVE-2024-29025",
"url": "https://bugzilla.suse.com/1222045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:netty-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-javadoc-4.1.114-1.1.x86_64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.aarch64",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.ppc64le",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.s390x",
"openSUSE Tumbleweed:netty-poms-4.1.114-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-30T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-29025"
}
]
}
RHSA-2021:1511
Vulnerability from csaf_redhat - Published: 2021-05-06 07:51 - Updated: 2026-03-18 02:06
In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When Netty's multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporarily storing uploads on the disk is enabled. On Unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-8.el8.noarch | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:python3-qpid-proton-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:python3-qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-0:0.33.0-8.el8.src | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-c-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-c-debuginfo-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-8.el8.noarch | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-cpp-debuginfo-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-8.el8.noarch | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-debugsource-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-8.el8.noarch | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:rubygem-qpid_proton-debuginfo-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec` and is then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1, this may result in request smuggling.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-8.el8.noarch | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:python3-qpid-proton-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:python3-qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-0:0.33.0-8.el8.src | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-c-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-c-debuginfo-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-8.el8.noarch | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-cpp-debuginfo-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-8.el8.noarch | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-debugsource-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-8.el8.noarch | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:rubygem-qpid_proton-debuginfo-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Client-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7ComputeNode-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Server-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch | — | Vendor Fix fix | |
| Unresolved product id: 7Workstation-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-8.el8.noarch | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:python3-qpid-proton-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:python3-qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-0:0.33.0-8.el8.src | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-c-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-c-debuginfo-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-8.el8.noarch | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-cpp-debuginfo-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-8.el8.noarch | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-debugsource-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-8.el8.noarch | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
| Unresolved product id: 8Base-AMQ-Clients-2:rubygem-qpid_proton-debuginfo-0:0.33.0-8.el8.x86_64 | — | Vendor Fix fix | |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat AMQ Clients 2.9.1.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7.\n\nThis update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 7 and 8.\n\nSecurity Fix(es):\n\n* netty: Information disclosure via the local system temporary directory (CVE-2021-21290)\n\n* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:1511",
"url": "https://access.redhat.com/errata/RHSA-2021:1511"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_amq/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/"
},
{
"category": "external",
"summary": "1927028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927028"
},
{
"category": "external",
"summary": "1937364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937364"
},
{
"category": "external",
"summary": "1944888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1511.json"
}
],
"title": "Red Hat Security Advisory: AMQ Clients 2.9.1 release and security update",
"tracking": {
"current_release_date": "2026-03-18T02:06:35+00:00",
"generator": {
"date": "2026-03-18T02:06:35+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2021:1511",
"initial_release_date": "2021-05-06T07:51:42+00:00",
"revision_history": [
{
"date": "2021-05-06T07:51:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-05-06T07:51:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:06:35+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ Clients 2",
"product": {
"name": "Red Hat AMQ Clients 2",
"product_id": "7Client-AMQ-Clients-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:a_mq_clients:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat AMQ Clients 2",
"product": {
"name": "Red Hat AMQ Clients 2",
"product_id": "7ComputeNode-AMQ-Clients-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:a_mq_clients:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat AMQ Clients 2",
"product": {
"name": "Red Hat AMQ Clients 2",
"product_id": "7Server-AMQ-Clients-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:a_mq_clients:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat AMQ Clients 2",
"product": {
"name": "Red Hat AMQ Clients 2",
"product_id": "7Workstation-AMQ-Clients-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:a_mq_clients:2::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat AMQ Clients 2",
"product": {
"name": "Red Hat AMQ Clients 2",
"product_id": "8Base-AMQ-Clients-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:a_mq_clients:2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat AMQ Clients"
},
{
"branches": [
{
"category": "product_version",
"name": "python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"product": {
"name": "python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"product_id": "python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-qpid-proton@0.33.0-6.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"product": {
"name": "qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"product_id": "qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c@0.33.0-6.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"product": {
"name": "qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"product_id": "qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c-devel@0.33.0-6.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"product": {
"name": "qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"product_id": "qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-cpp@0.33.0-6.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"product": {
"name": "qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"product_id": "qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-cpp-devel@0.33.0-6.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"product": {
"name": "rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"product_id": "rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-qpid_proton@0.33.0-6.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"product": {
"name": "qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"product_id": "qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-debuginfo@0.33.0-6.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-qpid-proton-0:0.33.0-8.el8.x86_64",
"product": {
"name": "python3-qpid-proton-0:0.33.0-8.el8.x86_64",
"product_id": "python3-qpid-proton-0:0.33.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qpid-proton@0.33.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-0:0.33.0-8.el8.x86_64",
"product": {
"name": "qpid-proton-c-0:0.33.0-8.el8.x86_64",
"product_id": "qpid-proton-c-0:0.33.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c@0.33.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-devel-0:0.33.0-8.el8.x86_64",
"product": {
"name": "qpid-proton-c-devel-0:0.33.0-8.el8.x86_64",
"product_id": "qpid-proton-c-devel-0:0.33.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c-devel@0.33.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-cpp-0:0.33.0-8.el8.x86_64",
"product": {
"name": "qpid-proton-cpp-0:0.33.0-8.el8.x86_64",
"product_id": "qpid-proton-cpp-0:0.33.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-cpp@0.33.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-cpp-devel-0:0.33.0-8.el8.x86_64",
"product": {
"name": "qpid-proton-cpp-devel-0:0.33.0-8.el8.x86_64",
"product_id": "qpid-proton-cpp-devel-0:0.33.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-cpp-devel@0.33.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-qpid_proton-0:0.33.0-8.el8.x86_64",
"product": {
"name": "rubygem-qpid_proton-0:0.33.0-8.el8.x86_64",
"product_id": "rubygem-qpid_proton-0:0.33.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-qpid_proton@0.33.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-debugsource-0:0.33.0-8.el8.x86_64",
"product": {
"name": "qpid-proton-debugsource-0:0.33.0-8.el8.x86_64",
"product_id": "qpid-proton-debugsource-0:0.33.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-debugsource@0.33.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"product": {
"name": "python3-qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"product_id": "python3-qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-qpid-proton-debuginfo@0.33.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-debuginfo-0:0.33.0-8.el8.x86_64",
"product": {
"name": "qpid-proton-c-debuginfo-0:0.33.0-8.el8.x86_64",
"product_id": "qpid-proton-c-debuginfo-0:0.33.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c-debuginfo@0.33.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-cpp-debuginfo-0:0.33.0-8.el8.x86_64",
"product": {
"name": "qpid-proton-cpp-debuginfo-0:0.33.0-8.el8.x86_64",
"product_id": "qpid-proton-cpp-debuginfo-0:0.33.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-cpp-debuginfo@0.33.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"product": {
"name": "qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"product_id": "qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-debuginfo@0.33.0-8.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rubygem-qpid_proton-debuginfo-0:0.33.0-8.el8.x86_64",
"product": {
"name": "rubygem-qpid_proton-debuginfo-0:0.33.0-8.el8.x86_64",
"product_id": "rubygem-qpid_proton-debuginfo-0:0.33.0-8.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rubygem-qpid_proton-debuginfo@0.33.0-8.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"product": {
"name": "python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"product_id": "python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-qpid-proton-docs@0.33.0-6.el7_9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"product": {
"name": "qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"product_id": "qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c-docs@0.33.0-6.el7_9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"product": {
"name": "qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"product_id": "qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-cpp-docs@0.33.0-6.el7_9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"product": {
"name": "qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"product_id": "qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-tests@0.33.0-6.el7_9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python-qpid-proton-docs-0:0.33.0-8.el8.noarch",
"product": {
"name": "python-qpid-proton-docs-0:0.33.0-8.el8.noarch",
"product_id": "python-qpid-proton-docs-0:0.33.0-8.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-qpid-proton-docs@0.33.0-8.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-c-docs-0:0.33.0-8.el8.noarch",
"product": {
"name": "qpid-proton-c-docs-0:0.33.0-8.el8.noarch",
"product_id": "qpid-proton-c-docs-0:0.33.0-8.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-c-docs@0.33.0-8.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-cpp-docs-0:0.33.0-8.el8.noarch",
"product": {
"name": "qpid-proton-cpp-docs-0:0.33.0-8.el8.noarch",
"product_id": "qpid-proton-cpp-docs-0:0.33.0-8.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-cpp-docs@0.33.0-8.el8?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-tests-0:0.33.0-8.el8.noarch",
"product": {
"name": "qpid-proton-tests-0:0.33.0-8.el8.noarch",
"product_id": "qpid-proton-tests-0:0.33.0-8.el8.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton-tests@0.33.0-8.el8?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "qpid-proton-0:0.33.0-6.el7_9.src",
"product": {
"name": "qpid-proton-0:0.33.0-6.el7_9.src",
"product_id": "qpid-proton-0:0.33.0-6.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton@0.33.0-6.el7_9?arch=src"
}
}
},
{
"category": "product_version",
"name": "qpid-proton-0:0.33.0-8.el8.src",
"product": {
"name": "qpid-proton-0:0.33.0-8.el8.src",
"product_id": "qpid-proton-0:0.33.0-8.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/qpid-proton@0.33.0-8.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-qpid-proton-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Client-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Client-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "7Client-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch"
},
"product_reference": "python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"relates_to_product_reference": "7Client-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-0:0.33.0-6.el7_9.src as a component of Red Hat AMQ Clients 2",
"product_id": "7Client-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src"
},
"product_reference": "qpid-proton-0:0.33.0-6.el7_9.src",
"relates_to_product_reference": "7Client-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Client-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Client-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Client-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Client-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "7Client-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch"
},
"product_reference": "qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"relates_to_product_reference": "7Client-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Client-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Client-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Client-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Client-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "7Client-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch"
},
"product_reference": "qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"relates_to_product_reference": "7Client-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Client-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Client-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-tests-0:0.33.0-6.el7_9.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "7Client-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch"
},
"product_reference": "qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"relates_to_product_reference": "7Client-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Client-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Client-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-qpid-proton-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7ComputeNode-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "7ComputeNode-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch"
},
"product_reference": "python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"relates_to_product_reference": "7ComputeNode-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-0:0.33.0-6.el7_9.src as a component of Red Hat AMQ Clients 2",
"product_id": "7ComputeNode-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src"
},
"product_reference": "qpid-proton-0:0.33.0-6.el7_9.src",
"relates_to_product_reference": "7ComputeNode-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7ComputeNode-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7ComputeNode-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "7ComputeNode-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch"
},
"product_reference": "qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"relates_to_product_reference": "7ComputeNode-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch"
},
"product_reference": "qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"relates_to_product_reference": "7ComputeNode-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7ComputeNode-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-tests-0:0.33.0-6.el7_9.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "7ComputeNode-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch"
},
"product_reference": "qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"relates_to_product_reference": "7ComputeNode-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7ComputeNode-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7ComputeNode-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-qpid-proton-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Server-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Server-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "7Server-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch"
},
"product_reference": "python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"relates_to_product_reference": "7Server-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-0:0.33.0-6.el7_9.src as a component of Red Hat AMQ Clients 2",
"product_id": "7Server-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src"
},
"product_reference": "qpid-proton-0:0.33.0-6.el7_9.src",
"relates_to_product_reference": "7Server-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Server-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Server-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Server-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Server-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "7Server-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch"
},
"product_reference": "qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"relates_to_product_reference": "7Server-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Server-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Server-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Server-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Server-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "7Server-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch"
},
"product_reference": "qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"relates_to_product_reference": "7Server-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Server-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Server-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-tests-0:0.33.0-6.el7_9.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "7Server-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch"
},
"product_reference": "qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"relates_to_product_reference": "7Server-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Server-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Server-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-qpid-proton-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Workstation-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "7Workstation-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch"
},
"product_reference": "python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"relates_to_product_reference": "7Workstation-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-0:0.33.0-6.el7_9.src as a component of Red Hat AMQ Clients 2",
"product_id": "7Workstation-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src"
},
"product_reference": "qpid-proton-0:0.33.0-6.el7_9.src",
"relates_to_product_reference": "7Workstation-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Workstation-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Workstation-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "7Workstation-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch"
},
"product_reference": "qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"relates_to_product_reference": "7Workstation-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Workstation-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Workstation-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "7Workstation-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch"
},
"product_reference": "qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"relates_to_product_reference": "7Workstation-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Workstation-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-tests-0:0.33.0-6.el7_9.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "7Workstation-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch"
},
"product_reference": "qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"relates_to_product_reference": "7Workstation-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "7Workstation-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64"
},
"product_reference": "rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-qpid-proton-docs-0:0.33.0-8.el8.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "8Base-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-8.el8.noarch"
},
"product_reference": "python-qpid-proton-docs-0:0.33.0-8.el8.noarch",
"relates_to_product_reference": "8Base-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qpid-proton-0:0.33.0-8.el8.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "8Base-AMQ-Clients-2:python3-qpid-proton-0:0.33.0-8.el8.x86_64"
},
"product_reference": "python3-qpid-proton-0:0.33.0-8.el8.x86_64",
"relates_to_product_reference": "8Base-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "8Base-AMQ-Clients-2:python3-qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64"
},
"product_reference": "python3-qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"relates_to_product_reference": "8Base-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-0:0.33.0-8.el8.src as a component of Red Hat AMQ Clients 2",
"product_id": "8Base-AMQ-Clients-2:qpid-proton-0:0.33.0-8.el8.src"
},
"product_reference": "qpid-proton-0:0.33.0-8.el8.src",
"relates_to_product_reference": "8Base-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-0:0.33.0-8.el8.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "8Base-AMQ-Clients-2:qpid-proton-c-0:0.33.0-8.el8.x86_64"
},
"product_reference": "qpid-proton-c-0:0.33.0-8.el8.x86_64",
"relates_to_product_reference": "8Base-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-debuginfo-0:0.33.0-8.el8.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "8Base-AMQ-Clients-2:qpid-proton-c-debuginfo-0:0.33.0-8.el8.x86_64"
},
"product_reference": "qpid-proton-c-debuginfo-0:0.33.0-8.el8.x86_64",
"relates_to_product_reference": "8Base-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-devel-0:0.33.0-8.el8.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "8Base-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-8.el8.x86_64"
},
"product_reference": "qpid-proton-c-devel-0:0.33.0-8.el8.x86_64",
"relates_to_product_reference": "8Base-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-c-docs-0:0.33.0-8.el8.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "8Base-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-8.el8.noarch"
},
"product_reference": "qpid-proton-c-docs-0:0.33.0-8.el8.noarch",
"relates_to_product_reference": "8Base-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-0:0.33.0-8.el8.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "8Base-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-8.el8.x86_64"
},
"product_reference": "qpid-proton-cpp-0:0.33.0-8.el8.x86_64",
"relates_to_product_reference": "8Base-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-debuginfo-0:0.33.0-8.el8.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "8Base-AMQ-Clients-2:qpid-proton-cpp-debuginfo-0:0.33.0-8.el8.x86_64"
},
"product_reference": "qpid-proton-cpp-debuginfo-0:0.33.0-8.el8.x86_64",
"relates_to_product_reference": "8Base-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-devel-0:0.33.0-8.el8.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "8Base-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-8.el8.x86_64"
},
"product_reference": "qpid-proton-cpp-devel-0:0.33.0-8.el8.x86_64",
"relates_to_product_reference": "8Base-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-cpp-docs-0:0.33.0-8.el8.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "8Base-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-8.el8.noarch"
},
"product_reference": "qpid-proton-cpp-docs-0:0.33.0-8.el8.noarch",
"relates_to_product_reference": "8Base-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "8Base-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64"
},
"product_reference": "qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"relates_to_product_reference": "8Base-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-debugsource-0:0.33.0-8.el8.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "8Base-AMQ-Clients-2:qpid-proton-debugsource-0:0.33.0-8.el8.x86_64"
},
"product_reference": "qpid-proton-debugsource-0:0.33.0-8.el8.x86_64",
"relates_to_product_reference": "8Base-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "qpid-proton-tests-0:0.33.0-8.el8.noarch as a component of Red Hat AMQ Clients 2",
"product_id": "8Base-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-8.el8.noarch"
},
"product_reference": "qpid-proton-tests-0:0.33.0-8.el8.noarch",
"relates_to_product_reference": "8Base-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-qpid_proton-0:0.33.0-8.el8.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "8Base-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-8.el8.x86_64"
},
"product_reference": "rubygem-qpid_proton-0:0.33.0-8.el8.x86_64",
"relates_to_product_reference": "8Base-AMQ-Clients-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rubygem-qpid_proton-debuginfo-0:0.33.0-8.el8.x86_64 as a component of Red Hat AMQ Clients 2",
"product_id": "8Base-AMQ-Clients-2:rubygem-qpid_proton-debuginfo-0:0.33.0-8.el8.x86_64"
},
"product_reference": "rubygem-qpid_proton-debuginfo-0:0.33.0-8.el8.x86_64",
"relates_to_product_reference": "8Base-AMQ-Clients-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-21290",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1927028"
}
],
"notes": [
{
"category": "description",
"text": "In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When netty\u0027s multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporarily storing uploads on disk is enabled. On Unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Information disclosure via the local system temporary directory",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Client-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Server-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Workstation-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"8Base-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:python3-qpid-proton-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:python3-qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-0:0.33.0-8.el8.src",
"8Base-AMQ-Clients-2:qpid-proton-c-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-debugsource-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:rubygem-qpid_proton-debuginfo-0:0.33.0-8.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21290"
},
{
"category": "external",
"summary": "RHBZ#1927028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927028"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21290"
}
],
"release_date": "2021-02-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-06T07:51:42+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Client-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Server-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Workstation-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"8Base-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:python3-qpid-proton-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:python3-qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-0:0.33.0-8.el8.src",
"8Base-AMQ-Clients-2:qpid-proton-c-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-debugsource-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:rubygem-qpid_proton-debuginfo-0:0.33.0-8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1511"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Client-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Client-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Server-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Workstation-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"8Base-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:python3-qpid-proton-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:python3-qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-0:0.33.0-8.el8.src",
"8Base-AMQ-Clients-2:qpid-proton-c-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-debugsource-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:rubygem-qpid_proton-debuginfo-0:0.33.0-8.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "netty: Information disclosure via the local system temporary directory"
},
{
"cve": "CVE-2021-21295",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1937364"
}
],
"notes": [
{
"category": "description",
"text": "In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec` and then sent up to the child channel\u0027s pipeline and proxied through a remote peer as HTTP/1.1, this may result in request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: possible request smuggling in HTTP/2 due missing validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Client-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Server-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Workstation-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"8Base-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:python3-qpid-proton-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:python3-qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-0:0.33.0-8.el8.src",
"8Base-AMQ-Clients-2:qpid-proton-c-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-debugsource-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:rubygem-qpid_proton-debuginfo-0:0.33.0-8.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21295"
},
{
"category": "external",
"summary": "RHBZ#1937364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21295",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21295"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
}
],
"release_date": "2021-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-06T07:51:42+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Client-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Server-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Workstation-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"8Base-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:python3-qpid-proton-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:python3-qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-0:0.33.0-8.el8.src",
"8Base-AMQ-Clients-2:qpid-proton-c-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-debugsource-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:rubygem-qpid_proton-debuginfo-0:0.33.0-8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1511"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Client-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Client-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Server-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Workstation-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"8Base-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:python3-qpid-proton-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:python3-qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-0:0.33.0-8.el8.src",
"8Base-AMQ-Clients-2:qpid-proton-c-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-debugsource-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:rubygem-qpid_proton-debuginfo-0:0.33.0-8.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: possible request smuggling in HTTP/2 due missing validation"
},
{
"cve": "CVE-2021-21409",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1944888"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Request smuggling via content-length header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite ships a vulnerable Netty version embedded in Candlepin. However, it is not directly vulnerable since the HTTP requests are handled by Tomcat and not by Netty.\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Client-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Server-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Workstation-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"8Base-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:python3-qpid-proton-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:python3-qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-0:0.33.0-8.el8.src",
"8Base-AMQ-Clients-2:qpid-proton-c-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-debugsource-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:rubygem-qpid_proton-debuginfo-0:0.33.0-8.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21409"
},
{
"category": "external",
"summary": "RHBZ#1944888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
}
],
"release_date": "2021-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-06T07:51:42+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Client-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Client-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Server-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Workstation-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"8Base-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:python3-qpid-proton-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:python3-qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-0:0.33.0-8.el8.src",
"8Base-AMQ-Clients-2:qpid-proton-c-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-debugsource-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:rubygem-qpid_proton-debuginfo-0:0.33.0-8.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1511"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Client-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Client-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Client-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Client-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7ComputeNode-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7ComputeNode-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Server-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Server-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Server-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:python-qpid-proton-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-0:0.33.0-6.el7_9.src",
"7Workstation-AMQ-Clients-2:qpid-proton-c-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-6.el7_9.x86_64",
"7Workstation-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-6.el7_9.noarch",
"7Workstation-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-6.el7_9.x86_64",
"8Base-AMQ-Clients-2:python-qpid-proton-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:python3-qpid-proton-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:python3-qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-0:0.33.0-8.el8.src",
"8Base-AMQ-Clients-2:qpid-proton-c-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-devel-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-c-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:qpid-proton-cpp-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-devel-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-cpp-docs-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:qpid-proton-debuginfo-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-debugsource-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:qpid-proton-tests-0:0.33.0-8.el8.noarch",
"8Base-AMQ-Clients-2:rubygem-qpid_proton-0:0.33.0-8.el8.x86_64",
"8Base-AMQ-Clients-2:rubygem-qpid_proton-debuginfo-0:0.33.0-8.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: Request smuggling via content-length header"
}
]
}
RHSA-2021:2139
Vulnerability from csaf_redhat - Published: 2021-05-26 21:49 - Updated: 2026-05-14 22:31

A flaw was found in infinispan-server-rest version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a Cross-site request forgery (CSRF) attack.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Data Grid 8.2.0 (Red Hat / Red Hat JBoss Data Grid) | cpe:/a:redhat:jboss_data_grid:8 | — | Vendor Fix |
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to set up XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whitelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream's default blacklist can use a workaround described in more detail in the referenced advisories.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Data Grid 8.2.0 (Red Hat / Red Hat JBoss Data Grid) | cpe:/a:redhat:jboss_data_grid:8 | — | Vendor Fix; Workaround |
XStream is a Java library to serialize objects to XML and back again. XStream before version 1.4.15 is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary known files on the host, as long as the executing process has sufficient rights, only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist when running Java 15 or higher. No user is affected who followed the recommendation to set up XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whitelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream's default blacklist can use a workaround described in more detail in the referenced advisories.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Data Grid 8.2.0 (Red Hat / Red Hat JBoss Data Grid) | cpe:/a:redhat:jboss_data_grid:8 | — | Vendor Fix; Workaround |
In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When Netty's multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporarily storing uploads on the disk is enabled. On Unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Data Grid 8.2.0 (Red Hat / Red Hat JBoss Data Grid) | cpe:/a:redhat:jboss_data_grid:8 | — | Vendor Fix |
In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec` and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1, this may result in request smuggling.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Data Grid 8.2.0 (Red Hat / Red Hat JBoss Data Grid) | cpe:/a:redhat:jboss_data_grid:8 | — | Vendor Fix |
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system, depending on CPU type or parallel execution of such a payload, resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Data Grid 8.2.0 (Red Hat / Red Hat JBoss Data Grid) | cpe:/a:redhat:jboss_data_grid:8 | — | Vendor Fix |
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream therefore creates new instances based on this type information. An attacker can manipulate the processed input stream and replace or inject objects, resulting in a server-side forgery request. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Data Grid 8.2.0 (Red Hat / Red Hat JBoss Data Grid) | cpe:/a:redhat:jboss_data_grid:8 | — | Vendor Fix |
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream therefore creates new instances based on this type information. An attacker can manipulate the processed input stream and replace or inject objects, resulting in the deletion of a file on the local host. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Data Grid 8.2.0 (Red Hat / Red Hat JBoss Data Grid) | cpe:/a:redhat:jboss_data_grid:8 | — | Vendor Fix |
A flaw was found in xstream. A remote attacker may be able to load and execute arbitrary code from a remote host only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Data Grid 8.2.0 (Red Hat / Red Hat JBoss Data Grid) | cpe:/a:redhat:jboss_data_grid:8 | — | Vendor Fix |
A flaw was found in xstream. A remote attacker, who has sufficient rights, can execute commands of the host by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Data Grid 8.2.0 (Red Hat / Red Hat JBoss Data Grid) | cpe:/a:redhat:jboss_data_grid:8 | — | Vendor Fix |
A flaw was found in xstream. A remote attacker can load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Data Grid 8.2.0 (Red Hat / Red Hat JBoss Data Grid) | cpe:/a:redhat:jboss_data_grid:8 | — | Vendor Fix |
A flaw was found in xstream. A remote attacker may be able to load and execute arbitrary code from a remote host only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Data Grid 8.2.0 (Red Hat / Red Hat JBoss Data Grid) | cpe:/a:redhat:jboss_data_grid:8 | — | Vendor Fix |
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Data Grid 8.2.0 (Red Hat / Red Hat JBoss Data Grid) | cpe:/a:redhat:jboss_data_grid:8 | — | Vendor Fix |
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Data Grid 8.2.0 (Red Hat / Red Hat JBoss Data Grid) | cpe:/a:redhat:jboss_data_grid:8 | — | Vendor Fix |
A flaw was found in xstream. A remote attacker may be able to execute arbitrary code only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Data Grid 8.2.0 (Red Hat / Red Hat JBoss Data Grid) | cpe:/a:redhat:jboss_data_grid:8 | — | Vendor Fix |
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Data Grid 8.2.0 (Red Hat / Red Hat JBoss Data Grid) | cpe:/a:redhat:jboss_data_grid:8 | — | Vendor Fix |
A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Data Grid 8.2.0 (Red Hat / Red Hat JBoss Data Grid) | cpe:/a:redhat:jboss_data_grid:8 | — | Vendor Fix |
A flaw was found in Red Hat DataGrid and Infinispan. An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Data Grid 8.2.0 (Red Hat / Red Hat JBoss Data Grid) | cpe:/a:redhat:jboss_data_grid:8 | — | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update for Red Hat Data Grid is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Data Grid is a distributed, in-memory data store.\n\nThis release of Red Hat Data Grid 8.2.0 serves as a replacement for Red Hat Data Grid 8.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* Infinispan: Authentication bypass on REST endpoints when using DIGEST authentication mechanism (CVE-2021-31917)\n\n* XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet (CVE-2021-21344)\n\n* XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry (CVE-2021-21345)\n\n* XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue (CVE-2021-21346)\n\n* XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator (CVE-2021-21347)\n\n* XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader (CVE-2021-21350)\n\n* Infinispan: Actions with effects should not be permitted via GET requests using REST API (CVE-2020-10771)\n\n* XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling (CVE-2020-26258)\n\n* XStream: arbitrary file deletion on the local host when unmarshalling (CVE-2020-26259)\n\n* netty: Information disclosure via the local system temporary directory (CVE-2021-21290)\n\n* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)\n\n* XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream (CVE-2021-21341)\n\n* XStream: SSRF via crafted input stream (CVE-2021-21342)\n\n* XStream: arbitrary file deletion on the local host via crafted input stream (CVE-2021-21343)\n\n* XStream: ReDoS vulnerability (CVE-2021-21348)\n\n* XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host (CVE-2021-21349)\n\n* XStream: allow a remote attacker to load and execute 
arbitrary code from a remote host only by manipulating the processed input stream (CVE-2021-21351)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:2139",
"url": "https://access.redhat.com/errata/RHSA-2021:2139"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=data.grid\u0026version=8.2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=data.grid\u0026version=8.2"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html/upgrading_data_grid/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/8.2/html/upgrading_data_grid/"
},
{
"category": "external",
"summary": "1846293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846293"
},
{
"category": "external",
"summary": "1908832",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908832"
},
{
"category": "external",
"summary": "1908837",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908837"
},
{
"category": "external",
"summary": "1927028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927028"
},
{
"category": "external",
"summary": "1937364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937364"
},
{
"category": "external",
"summary": "1942539",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942539"
},
{
"category": "external",
"summary": "1942545",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942545"
},
{
"category": "external",
"summary": "1942550",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942550"
},
{
"category": "external",
"summary": "1942554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942554"
},
{
"category": "external",
"summary": "1942558",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942558"
},
{
"category": "external",
"summary": "1942578",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942578"
},
{
"category": "external",
"summary": "1942629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942629"
},
{
"category": "external",
"summary": "1942633",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942633"
},
{
"category": "external",
"summary": "1942635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942635"
},
{
"category": "external",
"summary": "1942637",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942637"
},
{
"category": "external",
"summary": "1942642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942642"
},
{
"category": "external",
"summary": "1944888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
},
{
"category": "external",
"summary": "1955113",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955113"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2139.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Data Grid 8.2.0 security update",
"tracking": {
"current_release_date": "2026-05-14T22:31:14+00:00",
"generator": {
"date": "2026-05-14T22:31:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2021:2139",
"initial_release_date": "2021-05-26T21:49:45+00:00",
"revision_history": [
{
"date": "2021-05-26T21:49:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-05-26T21:49:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:31:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Data Grid 8.2.0",
"product": {
"name": "Red Hat Data Grid 8.2.0",
"product_id": "Red Hat Data Grid 8.2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_data_grid:8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Data Grid"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Diego Lovison"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2020-10771",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"discovery_date": "2020-03-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1846293"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in infinispan-server-rest version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a Cross-site request forgery (CSRF) attack.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "infinispan-server-rest: Actions with effects should not be permitted via GET requests using REST API",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 8.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-10771"
},
{
"category": "external",
"summary": "RHBZ#1846293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-10771",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10771"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10771",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10771"
}
],
"release_date": "2020-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-26T21:49:45+00:00",
"details": "Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Data Grid 8.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2139"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 8.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "infinispan-server-rest: Actions with effects should not be permitted via GET requests using REST API"
},
{
"cve": "CVE-2020-26258",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2020-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1908832"
}
],
"notes": [
{
"category": "description",
"text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream\u0027s Security Framework with a whitelist! Anyone relying on XStream\u0027s default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) delivers jenkins package with bundled XStream library. Due to JEP-200 Jenkins project [1] and advisory SECURITY-383 [2], OCP jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://www.jenkins.io/security/advisory/2017-02-01/ (see SECURITY-383 / CVE-2017-2608)",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 8.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26258"
},
{
"category": "external",
"summary": "RHBZ#1908832",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908832"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26258",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26258"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26258",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26258"
}
],
"release_date": "2020-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-26T21:49:45+00:00",
"details": "Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Data Grid 8.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2139"
},
{
"category": "workaround",
"details": "As recommended, use XStream\u0027s security framework to implement a whitelist for the allowed types.\n\nUsers of XStream 1.4.14 who insist to use XStream default blacklist - despite that clear recommendation - can simply add two lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.13 who want to use XStream default blacklist can simply add three lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.12 to 1.4.7 who want to use XStream with a blacklist will have to setup such a list from scratch and deny at least the following types: javax.imageio.ImageIO$ContainsFilter, java.beans.EventHandler, java.lang.ProcessBuilder, jdk.nashorn.internal.objects.NativeString, java.lang.Void and void and deny several types by name pattern.\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\$LazyIterator\", \"javax\\\\.crypto\\\\..*\", \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.6 or below can register an own converter to prevent the unmarshalling of the currently know critical types of the Java runtime. 
It is in fact an updated version of the workaround for CVE-2013-7285:\n\nxstream.registerConverter(new Converter() {\n public boolean canConvert(Class type) {\n return type != null \u0026\u0026 (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class\n || type.getName().equals(\"javax.imageio.ImageIO$ContainsFilter\") || type.getName().equals(\"jdk.nashorn.internal.objects.NativeString\")\n || type == java.lang.Void.class || void.class || Proxy.isProxy(type)\n || type.getName().startsWith(\"javax.crypto.\") || type.getName().endsWith(\"$LazyIterator\") || type.getName().endsWith(\".ReadAllStream$FileStream\"));\n }\n\n public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {\n throw new ConversionException(\"Unsupported type due to security reasons.\");\n }\n\n public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {\n throw new ConversionException(\"Unsupported type due to security reasons.\");\n }\n}, XStream.PRIORITY_LOW);",
"product_ids": [
"Red Hat Data Grid 8.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 8.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "XStream: Server-Side Forgery Request vulnerability can be activated when unmarshalling"
},
{
"cve": "CVE-2020-26259",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2020-12-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1908837"
}
],
"notes": [
{
"category": "description",
"text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating the processed input stream. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist running Java 15 or higher. No user is affected, who followed the recommendation to setup XStream\u0027s Security Framework with a whitelist! Anyone relying on XStream\u0027s default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "XStream: arbitrary file deletion on the local host when unmarshalling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) delivers jenkins package with bundled XStream library. Due to JEP-200 Jenkins project [1] and advisory SECURITY-383 [2], OCP jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://www.jenkins.io/security/advisory/2017-02-01/ (see SECURITY-383 / CVE-2017-2608)",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 8.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-26259"
},
{
"category": "external",
"summary": "RHBZ#1908837",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1908837"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-26259",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26259"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26259",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26259"
}
],
"release_date": "2020-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-26T21:49:45+00:00",
"details": "Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Data Grid 8.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2139"
},
{
"category": "workaround",
"details": "As recommended, use XStream\u0027s security framework to implement a whitelist for the allowed types.\n\nUsers of XStream 1.4.14 who insist to use XStream default blacklist - despite that clear recommendation - can simply add two lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.13 who want to use XStream default blacklist can simply add three lines to XStream\u0027s setup code:\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.12 to 1.4.7 who want to use XStream with a blacklist will have to setup such a list from scratch and deny at least the following types: javax.imageio.ImageIO$ContainsFilter, java.beans.EventHandler, java.lang.ProcessBuilder, jdk.nashorn.internal.objects.NativeString, java.lang.Void and void and deny several types by name pattern.\n\nxstream.denyTypes(new String[]{ \"javax.imageio.ImageIO$ContainsFilter\", \"jdk.nashorn.internal.objects.NativeString\" });\nxstream.denyTypes(new Class[]{ java.lang.ProcessBuilder.class, java.beans.EventHandler.class, java.lang.ProcessBuilder.class, java.lang.Void.class, void.class });\nxstream.denyTypesByRegExp(new String[]{ \".*\\\\$LazyIterator\", \"javax\\\\.crypto\\\\..*\", \".*\\\\.ReadAllStream\\\\$FileStream\" });\n\nUsers of XStream 1.4.6 or below can register an own converter to prevent the unmarshalling of the currently know critical types of the Java runtime. 
It is in fact an updated version of the workaround for CVE-2013-7285:\n\nxstream.registerConverter(new Converter() {\n public boolean canConvert(Class type) {\n return type != null \u0026\u0026 (type == java.beans.EventHandler.class || type == java.lang.ProcessBuilder.class\n || type.getName().equals(\"javax.imageio.ImageIO$ContainsFilter\") || type.getName().equals(\"jdk.nashorn.internal.objects.NativeString\")\n || type == java.lang.Void.class || void.class || Proxy.isProxy(type)\n || type.getName().startsWith(\"javax.crypto.\") || type.getName().endsWith(\"$LazyIterator\") || type.getName().endsWith(\".ReadAllStream$FileStream\"));\n }\n\n public Object unmarshal(HierarchicalStreamReader reader, UnmarshallingContext context) {\n throw new ConversionException(\"Unsupported type due to security reasons.\");\n }\n\n public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {\n throw new ConversionException(\"Unsupported type due to security reasons.\");\n }\n}, XStream.PRIORITY_LOW);",
"product_ids": [
"Red Hat Data Grid 8.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 8.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "XStream: arbitrary file deletion on the local host when unmarshalling"
},
{
"cve": "CVE-2021-21290",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1927028"
}
],
"notes": [
{
"category": "description",
"text": "In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When netty\u0027s multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Information disclosure via the local system temporary directory",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 8.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21290"
},
{
"category": "external",
"summary": "RHBZ#1927028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927028"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21290"
}
],
"release_date": "2021-02-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-26T21:49:45+00:00",
"details": "Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Data Grid 8.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2139"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 8.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: Information disclosure via the local system temporary directory"
},
{
"cve": "CVE-2021-21295",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1937364"
}
],
"notes": [
{
"category": "description",
"text": "In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel\u0027s pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: possible request smuggling in HTTP/2 due missing validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 8.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21295"
},
{
"category": "external",
"summary": "RHBZ#1937364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21295",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21295"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
}
],
"release_date": "2021-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-26T21:49:45+00:00",
"details": "Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Data Grid 8.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2139"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 8.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: possible request smuggling in HTTP/2 due missing validation"
},
{
"cve": "CVE-2021-21341",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2021-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1942539"
}
],
"notes": [
{
"category": "description",
"text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 8.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21341"
},
{
"category": "external",
"summary": "RHBZ#1942539",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942539"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21341"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21341"
}
],
"release_date": "2021-03-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-26T21:49:45+00:00",
"details": "Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Data Grid 8.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2139"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 8.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "XStream: allow a remote attacker to cause DoS only by manipulating the processed input stream"
},
{
"cve": "CVE-2021-21342",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2021-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1942545"
}
],
"notes": [
{
"category": "description",
"text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in a server-side forgery request. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "XStream: SSRF via crafted input stream",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 8.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21342"
},
{
"category": "external",
"summary": "RHBZ#1942545",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942545"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21342"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21342",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21342"
}
],
"release_date": "2021-03-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-26T21:49:45+00:00",
"details": "Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Data Grid 8.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2139"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 8.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "XStream: SSRF via crafted input stream"
},
{
"cve": "CVE-2021-21343",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2021-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1942550"
}
],
"notes": [
{
"category": "description",
"text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on these type information. An attacker can manipulate the processed input stream and replace or inject objects, that result in the deletion of a file on the local host. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "XStream: arbitrary file deletion on the local host via crafted input stream",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 8.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21343"
},
{
"category": "external",
"summary": "RHBZ#1942550",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942550"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21343",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21343"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21343",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21343"
}
],
"release_date": "2021-03-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-26T21:49:45+00:00",
"details": "Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Data Grid 8.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2139"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 8.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "XStream: arbitrary file deletion on the local host via crafted input stream"
},
{
"cve": "CVE-2021-21344",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2021-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1942554"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xstream. A remote attacker may be able to load and execute arbitrary code from a remote host only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 8.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21344"
},
{
"category": "external",
"summary": "RHBZ#1942554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21344"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21344",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21344"
}
],
"release_date": "2021-03-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-26T21:49:45+00:00",
"details": "Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Data Grid 8.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2139"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 8.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "XStream: Unsafe deserizaliation of javax.sql.rowset.BaseRowSet"
},
{
"cve": "CVE-2021-21345",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2021-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1942558"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xstream. A remote attacker, who has sufficient rights, can execute commands of the host by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 8.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21345"
},
{
"category": "external",
"summary": "RHBZ#1942558",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942558"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21345",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21345"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21345",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21345"
}
],
"release_date": "2021-03-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-26T21:49:45+00:00",
"details": "Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Data Grid 8.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2139"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 8.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "XStream: Unsafe deserizaliation of com.sun.corba.se.impl.activation.ServerTableEntry"
},
{
"cve": "CVE-2021-21346",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2021-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1942578"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xstream. A remote attacker can load and execute arbitrary code from a remote host by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 8.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21346"
},
{
"category": "external",
"summary": "RHBZ#1942578",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942578"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21346"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21346",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21346"
}
],
"release_date": "2021-03-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-26T21:49:45+00:00",
"details": "Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Data Grid 8.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2139"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 8.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "XStream: Unsafe deserizaliation of sun.swing.SwingLazyValue"
},
{
"cve": "CVE-2021-21347",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2021-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1942629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xstream. A remote attacker may be able to load and execute arbitrary code from a remote host only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 8.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21347"
},
{
"category": "external",
"summary": "RHBZ#1942629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21347"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21347",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21347"
}
],
"release_date": "2021-03-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-26T21:49:45+00:00",
"details": "Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Data Grid 8.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2139"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 8.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "XStream: Unsafe deserizaliation of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator"
},
{
"cve": "CVE-2021-21348",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2021-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1942633"
}
],
"notes": [
{
"category": "description",
"text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "XStream: ReDoS vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 8.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21348"
},
{
"category": "external",
"summary": "RHBZ#1942633",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942633"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21348",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21348"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21348",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21348"
}
],
"release_date": "2021-03-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-26T21:49:45+00:00",
"details": "Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Data Grid 8.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2139"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 8.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "XStream: ReDoS vulnerability"
},
{
"cve": "CVE-2021-21349",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2021-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1942635"
}
],
"notes": [
{
"category": "description",
"text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 8.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21349"
},
{
"category": "external",
"summary": "RHBZ#1942635",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942635"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21349"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21349",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21349"
}
],
"release_date": "2021-03-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-26T21:49:45+00:00",
"details": "Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Data Grid 8.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2139"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 8.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "XStream: SSRF can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host"
},
{
"cve": "CVE-2021-21350",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2021-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1942637"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in xstream. A remote attacker may be able to execute arbitrary code only by manipulating the processed input stream. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 8.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21350"
},
{
"category": "external",
"summary": "RHBZ#1942637",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942637"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21350",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21350"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21350",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21350"
}
],
"release_date": "2021-03-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-26T21:49:45+00:00",
"details": "Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Data Grid 8.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2139"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 8.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "XStream: Unsafe deserizaliation of com.sun.org.apache.bcel.internal.util.ClassLoader"
},
{
"cve": "CVE-2021-21351",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2021-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1942642"
}
],
"notes": [
{
"category": "description",
"text": "XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types. If you rely on XStream\u0027s default blacklist of the Security Framework, you will have to use at least version 1.4.16.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) delivers Jenkins LTS package with bundled XStream library. Due to JEP-200 [1] and JEP-228 [2] Jenkins projects, OCP Jenkins package is not affected by this flaw.\n\n[1] https://github.com/jenkinsci/jep/blob/master/jep/200/README.adoc\n[2] https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc#security",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 8.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21351"
},
{
"category": "external",
"summary": "RHBZ#1942642",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942642"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21351",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21351"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21351",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21351"
}
],
"release_date": "2021-03-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-26T21:49:45+00:00",
"details": "Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Data Grid 8.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2139"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 8.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "XStream: allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream"
},
{
"cve": "CVE-2021-21409",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1944888"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Request smuggling via content-length header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite ships a vulnerable Netty version embedded in Candlepin. However, it is not directly vulnerable since the HTTP requests are handled by Tomcat and not by Netty.\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 8.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21409"
},
{
"category": "external",
"summary": "RHBZ#1944888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
}
],
"release_date": "2021-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-26T21:49:45+00:00",
"details": "Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Data Grid 8.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2139"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 8.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: Request smuggling via content-length header"
},
{
"acknowledgments": [
{
"names": [
"Ryan Emerson"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2021-31917",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2021-04-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1955113"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat DataGrid and Infinispan. An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Infinispan: Authentication bypass on REST endpoints when using DIGEST authentication mechanism",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Data Grid 8.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-31917"
},
{
"category": "external",
"summary": "RHBZ#1955113",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1955113"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-31917",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31917"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31917",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31917"
}
],
"release_date": "2021-05-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-26T21:49:45+00:00",
"details": "Refer to the Data Grid 8.2 Upgrade Guide for instructions on upgrading to this version.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Data Grid 8.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2139"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Data Grid 8.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Infinispan: Authentication bypass on REST endpoints when using DIGEST authentication mechanism"
}
]
}
RHSA-2021:2465
Vulnerability from csaf_redhat - Published: 2021-07-07 06:29 - Updated: 2026-05-14 22:31
A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Vert.x 4.1.0 (Red Hat / Red Hat OpenShift Application Runtimes) | cpe:/a:redhat:openshift_application_runtimes:1.0 | — | Vendor Fix |
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Vert.x 4.1.0 (Red Hat / Red Hat OpenShift Application Runtimes) | cpe:/a:redhat:openshift_application_runtimes:1.0 | — | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat build of Eclipse Vert.x.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE pages listed in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat build of Eclipse Vert.x 4.1.0 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section.\n\nSecurity Fix(es):\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 (CVE-2021-29425)\n\nFor more details about the security issues and their impact, the CVSS score, acknowledgements, and other related information, see the CVE pages listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:2465",
"url": "https://access.redhat.com/errata/RHSA-2021:2465"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.eclipse.vertx\u0026version=4.1.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.eclipse.vertx\u0026version=4.1.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index"
},
{
"category": "external",
"summary": "1944888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
},
{
"category": "external",
"summary": "1948752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948752"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2465.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.1.0 security update",
"tracking": {
"current_release_date": "2026-05-14T22:31:19+00:00",
"generator": {
"date": "2026-05-14T22:31:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2021:2465",
"initial_release_date": "2021-07-07T06:29:29+00:00",
"revision_history": [
{
"date": "2021-07-07T06:29:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-07-07T06:29:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:31:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Vert.x 4.1.0",
"product": {
"name": "Vert.x 4.1.0",
"product_id": "Vert.x 4.1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Application Runtimes"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-21409",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1944888"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Request smuggling via content-length header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite ships a vulnerable Netty version embedded in Candlepin. However, it is not directly vulnerable since the HTTP requests are handled by Tomcat and not by Netty.\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Vert.x 4.1.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21409"
},
{
"category": "external",
"summary": "RHBZ#1944888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
}
],
"release_date": "2021-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-07T06:29:29+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Vert.x 4.1.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Vert.x 4.1.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: Request smuggling via content-length header"
},
{
"cve": "CVE-2021-29425",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2021-04-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1948752"
}
],
"notes": [
{
"category": "description",
"text": "In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like \"//../foo\", or \"\\\\..\\foo\", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus \"limited\" path traversal), if the calling code would use the result to construct a path value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While the apache-commons-io package included in Red Hat Enterprise Linux 8 Maven App Stream contains the vulnerable code, it is not used in any way by Maven or other packages in this module. This package is not an API component of Maven, thus the affected code can not be reached in any supported scenario.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Vert.x 4.1.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29425"
},
{
"category": "external",
"summary": "RHBZ#1948752",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948752"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29425"
}
],
"release_date": "2021-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-07T06:29:29+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link for the update. You must be logged in to download the update.",
"product_ids": [
"Vert.x 4.1.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2465"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Vert.x 4.1.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6"
}
]
}
RHSA-2021:2689
Vulnerability from csaf_redhat - Published: 2021-07-12 12:12 - Updated: 2026-05-14 22:31
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ 7.8.2 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_broker:7 | — | Vendor Fix |
A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ 7.8.2 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_broker:7 | — | Vendor Fix |
In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ 7.8.2 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_broker:7 | — | Vendor Fix |
In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec` and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ 7.8.2 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_broker:7 | — | Vendor Fix |
A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ 7.8.2 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_broker:7 | — | Vendor Fix |
If the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink the contents of the ${jetty.base}/webapps directory may be deployed as a static web application, exposing the content of the directory for download. The highest threat from this vulnerability is to data confidentiality.
CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ 7.8.2 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_broker:7 | — | Vendor Fix |
In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ 7.8.2 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_broker:7 | — | Vendor Fix |
When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat AMQ 7.8.2 (Red Hat / Red Hat JBoss AMQ) | cpe:/a:redhat:amq_broker:7 | — | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AMQ Broker 7.8.2 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. \n\nThis release of Red Hat AMQ Broker 7.8.2 serves as a replacement for Red Hat AMQ Broker 7.8.1, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS (CVE-2020-27223)\n\n* Red Hat AMQ Broker: discloses JDBC username and password in the application log file (CVE-2021-3425)\n\n* netty: Information disclosure via the local system temporary directory (CVE-2021-21290)\n\n* netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)\n\n* jetty: Ambiguous paths can access WEB-INF (CVE-2021-28164)\n\n* jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:2689",
"url": "https://access.redhat.com/errata/RHSA-2021:2689"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.8.2",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.8.2"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_amq/2020.q4/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/2020.q4/"
},
{
"category": "external",
"summary": "1927028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927028"
},
{
"category": "external",
"summary": "1934116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934116"
},
{
"category": "external",
"summary": "1936629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936629"
},
{
"category": "external",
"summary": "1937364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937364"
},
{
"category": "external",
"summary": "1944888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
},
{
"category": "external",
"summary": "1945710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945710"
},
{
"category": "external",
"summary": "1945712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945712"
},
{
"category": "external",
"summary": "1945714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945714"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2689.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AMQ Broker 7.8.2 release and security update",
"tracking": {
"current_release_date": "2026-05-14T22:31:19+00:00",
"generator": {
"date": "2026-05-14T22:31:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2021:2689",
"initial_release_date": "2021-07-12T12:12:08+00:00",
"revision_history": [
{
"date": "2021-07-12T12:12:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-07-12T12:12:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:31:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AMQ 7.8.2",
"product": {
"name": "Red Hat AMQ 7.8.2",
"product_id": "Red Hat AMQ 7.8.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_broker:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss AMQ"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-27223",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-02-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1934116"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of \u201cquality\u201d (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.8.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-27223"
},
{
"category": "external",
"summary": "RHBZ#1934116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934116"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-27223",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27223"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7"
}
],
"release_date": "2021-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-12T12:12:08+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.8.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2689"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.8.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: request containing multiple Accept headers with a large number of \"quality\" parameters may lead to DoS"
},
{
"acknowledgments": [
{
"names": [
"Wai Chun Hui"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2021-3425",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2021-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1936629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Broker: discloses JDBC username and password in the application log file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.8.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3425"
},
{
"category": "external",
"summary": "RHBZ#1936629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3425"
}
],
"release_date": "2021-03-08T20:30:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-12T12:12:08+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.8.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2689"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.8.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Broker: discloses JDBC username and password in the application log file"
},
{
"cve": "CVE-2021-21290",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-02-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1927028"
}
],
"notes": [
{
"category": "description",
"text": "In Netty there is a vulnerability on Unix-like systems involving an insecure temp file. When netty\u0027s multipart decoders are used, a local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Information disclosure via the local system temporary directory",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.8.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21290"
},
{
"category": "external",
"summary": "RHBZ#1927028",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927028"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21290",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21290"
}
],
"release_date": "2021-02-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-12T12:12:08+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.8.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2689"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.8.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "netty: Information disclosure via the local system temporary directory"
},
{
"cve": "CVE-2021-21295",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-03-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1937364"
}
],
"notes": [
{
"category": "description",
"text": "In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel\u0027s pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: possible request smuggling in HTTP/2 due missing validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.8.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21295"
},
{
"category": "external",
"summary": "RHBZ#1937364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1937364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21295",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21295"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
"url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
}
],
"release_date": "2021-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-12T12:12:08+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.8.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2689"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.8.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: possible request smuggling in HTTP/2 due missing validation"
},
{
"cve": "CVE-2021-21409",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1944888"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Request smuggling via content-length header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite ships a vulnerable Netty version embedded in Candlepin. However, it is not directly vulnerable since the HTTP requests are handled by Tomcat and not by Netty.\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.8.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21409"
},
{
"category": "external",
"summary": "RHBZ#1944888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
}
],
"release_date": "2021-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-12T12:12:08+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.8.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2689"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.8.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: Request smuggling via content-length header"
},
{
"cve": "CVE-2021-28163",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1945710"
}
],
"notes": [
{
"category": "description",
"text": "If the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink the contents of the ${jetty.base}/webapps directory may be deployed as a static web application, exposing the content of the directory for download. The highest threat from this vulnerability is to data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Symlink directory exposes webapp directory contents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nRed Hat CodeReady Studio 12 is not affected by this vulnerability because it does not ship a vulnerable version of jetty.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.8.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-28163"
},
{
"category": "external",
"summary": "RHBZ#1945710",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945710"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-28163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28163"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq"
}
],
"release_date": "2021-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-12T12:12:08+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.8.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2689"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.8.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: Symlink directory exposes webapp directory contents"
},
{
"cve": "CVE-2021-28164",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2021-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1945712"
}
],
"notes": [
{
"category": "description",
"text": "In Jetty the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can use this vulnerability to reveal sensitive information regarding the implementation of a web application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Ambiguous paths can access WEB-INF",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nRed Hat CodeReady Studio 12 is not affected by this vulnerability because it does not ship a vulnerable version of jetty.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.8.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-28164"
},
{
"category": "external",
"summary": "RHBZ#1945712",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945712"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-28164",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28164"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-v7ff-8wcx-gmc5"
}
],
"release_date": "2021-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-12T12:12:08+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.8.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2689"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.8.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: Ambiguous paths can access WEB-INF"
},
{
"cve": "CVE-2021-28165",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1945714"
}
],
"notes": [
{
"category": "description",
"text": "When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jetty: Resource exhaustion when receiving an invalid large TLS frame",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AMQ 7.8.2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-28165"
},
{
"category": "external",
"summary": "RHBZ#1945714",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945714"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28165",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28165"
},
{
"category": "external",
"summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w",
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w"
}
],
"release_date": "2021-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-12T12:12:08+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat AMQ 7.8.2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2689"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AMQ 7.8.2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jetty: Resource exhaustion when receiving an invalid large TLS frame"
}
]
}
RHSA-2021:2692
Vulnerability from csaf_redhat - Published: 2021-07-13 13:10 - Updated: 2026-03-18 02:06
A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting attack (XSS). The highest threat from this vulnerability is to confidentiality and integrity.
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.src | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
| Unresolved product id: 6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch | — | | Vendor Fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* wildfly: XSS via admin console when creating roles in domain mode (CVE-2021-3536)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:2692",
"url": "https://access.redhat.com/errata/RHSA-2021:2692"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1944888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
},
{
"category": "external",
"summary": "1948001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948001"
},
{
"category": "external",
"summary": "JBEAP-20264",
"url": "https://issues.redhat.com/browse/JBEAP-20264"
},
{
"category": "external",
"summary": "JBEAP-20503",
"url": "https://issues.redhat.com/browse/JBEAP-20503"
},
{
"category": "external",
"summary": "JBEAP-20623",
"url": "https://issues.redhat.com/browse/JBEAP-20623"
},
{
"category": "external",
"summary": "JBEAP-21178",
"url": "https://issues.redhat.com/browse/JBEAP-21178"
},
{
"category": "external",
"summary": "JBEAP-21406",
"url": "https://issues.redhat.com/browse/JBEAP-21406"
},
{
"category": "external",
"summary": "JBEAP-21421",
"url": "https://issues.redhat.com/browse/JBEAP-21421"
},
{
"category": "external",
"summary": "JBEAP-21434",
"url": "https://issues.redhat.com/browse/JBEAP-21434"
},
{
"category": "external",
"summary": "JBEAP-21435",
"url": "https://issues.redhat.com/browse/JBEAP-21435"
},
{
"category": "external",
"summary": "JBEAP-21437",
"url": "https://issues.redhat.com/browse/JBEAP-21437"
},
{
"category": "external",
"summary": "JBEAP-21441",
"url": "https://issues.redhat.com/browse/JBEAP-21441"
},
{
"category": "external",
"summary": "JBEAP-21443",
"url": "https://issues.redhat.com/browse/JBEAP-21443"
},
{
"category": "external",
"summary": "JBEAP-21444",
"url": "https://issues.redhat.com/browse/JBEAP-21444"
},
{
"category": "external",
"summary": "JBEAP-21567",
"url": "https://issues.redhat.com/browse/JBEAP-21567"
},
{
"category": "external",
"summary": "JBEAP-21582",
"url": "https://issues.redhat.com/browse/JBEAP-21582"
},
{
"category": "external",
"summary": "JBEAP-21739",
"url": "https://issues.redhat.com/browse/JBEAP-21739"
},
{
"category": "external",
"summary": "JBEAP-21977",
"url": "https://issues.redhat.com/browse/JBEAP-21977"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2692.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.8 on RHEL 6 security update",
"tracking": {
"current_release_date": "2026-03-18T02:06:33+00:00",
"generator": {
"date": "2026-03-18T02:06:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2021:2692",
"initial_release_date": "2021-07-13T13:10:19+00:00",
"revision_history": [
{
"date": "2021-07-13T13:10:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-07-13T13:10:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:06:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@9.4.23-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.13-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.src",
"product_id": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.38-1.SP1_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.23-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.15-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.28-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.63-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.src",
"product_id": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.20-3.SP1_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.33-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.6.3-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.src",
"product_id": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.8-1.Final_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.src",
"product_id": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-7.Final_redhat_00008.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.8-1.GA_redhat_00001.1.el6eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@9.4.23-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@9.4.23-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@9.4.23-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@9.4.23-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@9.4.23-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@9.4.23-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@9.4.23-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@9.4.23-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@9.4.23-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.13-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.13-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.38-1.SP1_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.23-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.15-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.28-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.28-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.28-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.28-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.63-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.63-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.20-3.SP1_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.20-3.SP1_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.20-3.SP1_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.20-3.SP1_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.20-3.SP1_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.33-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.33-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.33-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.33-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.33-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.33-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.33-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.33-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.33-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.6.3-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.8-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.8-1.Final_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-7.Final_redhat_00008.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.8-1.GA_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.8-1.GA_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.8-1.GA_redhat_00001.1.el6eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Damian Bury"
]
}
],
"cve": "CVE-2021-3536",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1948001"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting attack (XSS). The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: XSS via admin console when creating roles in domain mode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw does not affect Red Hat CodeReady Studio 12 because it uses the Wildfly client only. The domain mode is not used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3536"
},
{
"category": "external",
"summary": "RHBZ#1948001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3536",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3536"
}
],
"release_date": "2021-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-13T13:10:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2692"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "wildfly: XSS via admin console when creating roles in domain mode"
},
{
"cve": "CVE-2021-21409",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1944888"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Request smuggling via content-length header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite ships a vulnerable Netty version embedded in Candlepin. However, it is not directly vulnerable since the HTTP requests are handled by Tomcat and not by Netty.\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21409"
},
{
"category": "external",
"summary": "RHBZ#1944888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
}
],
"release_date": "2021-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-13T13:10:19+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2692"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el6eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: Request smuggling via content-length header"
}
]
}
RHSA-2021:2693
Vulnerability from csaf_redhat - Published: 2021-07-13 13:02 - Updated: 2026-03-18 02:06
A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting attack (XSS). The highest threat from this vulnerability is to confidentiality and integrity.
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el7eap.src | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.src | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.src | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.src | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.src | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.src | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.src | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.src | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.src | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.src | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.src | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.src | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |
| Unresolved product id: 7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch | — | | Vendor Fix (fix) |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* wildfly: XSS via admin console when creating roles in domain mode (CVE-2021-3536)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:2693",
"url": "https://access.redhat.com/errata/RHSA-2021:2693"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1944888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
},
{
"category": "external",
"summary": "1948001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948001"
},
{
"category": "external",
"summary": "JBEAP-20264",
"url": "https://issues.redhat.com/browse/JBEAP-20264"
},
{
"category": "external",
"summary": "JBEAP-20503",
"url": "https://issues.redhat.com/browse/JBEAP-20503"
},
{
"category": "external",
"summary": "JBEAP-20623",
"url": "https://issues.redhat.com/browse/JBEAP-20623"
},
{
"category": "external",
"summary": "JBEAP-21179",
"url": "https://issues.redhat.com/browse/JBEAP-21179"
},
{
"category": "external",
"summary": "JBEAP-21406",
"url": "https://issues.redhat.com/browse/JBEAP-21406"
},
{
"category": "external",
"summary": "JBEAP-21421",
"url": "https://issues.redhat.com/browse/JBEAP-21421"
},
{
"category": "external",
"summary": "JBEAP-21434",
"url": "https://issues.redhat.com/browse/JBEAP-21434"
},
{
"category": "external",
"summary": "JBEAP-21435",
"url": "https://issues.redhat.com/browse/JBEAP-21435"
},
{
"category": "external",
"summary": "JBEAP-21437",
"url": "https://issues.redhat.com/browse/JBEAP-21437"
},
{
"category": "external",
"summary": "JBEAP-21441",
"url": "https://issues.redhat.com/browse/JBEAP-21441"
},
{
"category": "external",
"summary": "JBEAP-21443",
"url": "https://issues.redhat.com/browse/JBEAP-21443"
},
{
"category": "external",
"summary": "JBEAP-21444",
"url": "https://issues.redhat.com/browse/JBEAP-21444"
},
{
"category": "external",
"summary": "JBEAP-21567",
"url": "https://issues.redhat.com/browse/JBEAP-21567"
},
{
"category": "external",
"summary": "JBEAP-21582",
"url": "https://issues.redhat.com/browse/JBEAP-21582"
},
{
"category": "external",
"summary": "JBEAP-21739",
"url": "https://issues.redhat.com/browse/JBEAP-21739"
},
{
"category": "external",
"summary": "JBEAP-21977",
"url": "https://issues.redhat.com/browse/JBEAP-21977"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2693.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.8 on RHEL 7 security update",
"tracking": {
"current_release_date": "2026-03-18T02:06:33+00:00",
"generator": {
"date": "2026-03-18T02:06:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2021:2693",
"initial_release_date": "2021-07-13T13:02:32+00:00",
"revision_history": [
{
"date": "2021-07-13T13:02:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-07-13T13:02:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:06:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.13-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.38-1.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@9.4.23-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.63-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.15-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client@1.0.28-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.33-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.src",
"product_id": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.20-3.SP1_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.23-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-elytron-web@1.6.3-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.src",
"product_id": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.8-1.Final_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-7.Final_redhat_00008.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.8-1.GA_redhat_00001.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron@1.10.13-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-elytron-tool@1.10.13-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.38-1.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan@9.4.23-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-jdbc@9.4.23-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-cachestore-remote@9.4.23-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-client-hotrod@9.4.23-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-commons@9.4.23-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-core@9.4.23-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-commons@9.4.23-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-spi@9.4.23-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-infinispan-hibernate-cache-v53@9.4.23-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty@4.1.63-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-netty-all@4.1.63-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hal-console@3.2.15-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-client-common@1.0.28-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-ejb-client@1.0.28-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-naming-client@1.0.28-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-http-transaction-client@1.0.28-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar@1.4.33-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-api@1.4.33-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-impl@1.4.33-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-common-spi@1.4.33-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-api@1.4.33-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-core-impl@1.4.33-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-deployers-common@1.4.33-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-jdbc@1.4.33-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-ironjacamar-validator@1.4.33-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate@5.3.20-3.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-core@5.3.20-3.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-entitymanager@5.3.20-3.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-envers@5.3.20-3.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-hibernate-java8@5.3.20-3.SP1_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-remoting@5.0.23-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow-server@1.6.3-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet@1.3.8-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jberet-core@1.3.8-1.Final_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-7.Final_redhat_00008.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.8-1.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.8-1.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.8-1.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.8-1.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.8-1.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Damian Bury"
]
}
],
"cve": "CVE-2021-3536",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2021-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1948001"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting attack (XSS). The highest threat from this vulnerability is to confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: XSS via admin console when creating roles in domain mode",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw does not affect Red Hat CodeReady Studio 12 because it uses the Wildfly client only. The domain mode is not used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3536"
},
{
"category": "external",
"summary": "RHBZ#1948001",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3536",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3536"
}
],
"release_date": "2021-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-13T13:02:32+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "wildfly: XSS via admin console when creating roles in domain mode"
},
{
"cve": "CVE-2021-21409",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2021-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1944888"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. There is an issue where the content-length header is not validated correctly if the request uses a single Http2HeaderFrame with the endstream set to true. This flaw leads to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. The highest threat from this vulnerability is to integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Request smuggling via content-length header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite ships a vulnerable Netty version embedded in Candlepin. However, it is not directly vulnerable since the HTTP requests are handled by Tomcat and not by Netty.\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nIn OpenShift Container Platform (OCP), the Hive/Presto/Hadoop components that comprise the OCP Metering stack, ship the vulnerable version of netty-codec-http package.\nSince the release of OCP 4.6, the Metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-21409"
},
{
"category": "external",
"summary": "RHBZ#1944888",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944888"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21409"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
"url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
}
],
"release_date": "2021-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-13T13:02:32+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:2693"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3:eap7-elytron-web-0:1.6.3-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hal-console-0:3.2.15-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-0:5.3.20-3.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-hibernate-core-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-entitymanager-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-envers-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-hibernate-java8-0:5.3.20-3.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-0:9.4.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-jdbc-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-cachestore-remote-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-client-hotrod-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-core-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-commons-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-spi-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-infinispan-hibernate-cache-v53-0:9.4.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-0:1.4.33-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-common-spi-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-api-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-core-impl-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-deployers-common-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-jdbc-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-ironjacamar-validator-0:1.4.33-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jberet-0:1.3.8-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jberet-core-0:1.3.8-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-remoting-0:5.0.23-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-0:1.7.2-7.Final_redhat_00008.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-cli-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-core-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-7.Final_redhat_00008.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-netty-0:4.1.63-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-netty-all-0:4.1.63-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.38-1.SP1_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-server-0:1.6.3-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-0:7.3.8-1.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-0:1.10.13-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-elytron-tool-0:1.10.13-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-http-client-common-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-ejb-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-naming-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-http-transaction-client-0:1.0.28-1.Final_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk11-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-java-jdk8-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-javadocs-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-modules-0:7.3.8-1.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty: Request smuggling via content-length header"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.