Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-23358 (GCVE-0-2021-23358)
Vulnerability from cvelistv5 – Published: 2021-03-29 13:15 – Updated: 2025-11-03 21:44
VLAI
EPSS
Title
Arbitrary Code Injection
Summary
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
Severity
CWE
- Arbitrary Code Injection
Assigner
References
15 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | underscore |
Affected:
1.13.0-0 , < unspecified
(custom)
Affected: unspecified , < 1.13.0-2 (custom) Affected: 1.3.2 , < unspecified (custom) Affected: unspecified , < 1.12.1 (custom) |
Date Public
2021-03-29 00:00
Credits
Alessio Della Libera (@d3lla)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:44:35.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71"
},
{
"name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2613-1] underscore security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html"
},
{
"name": "DSA-4883",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4883"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek closed issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf%40%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1%40%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley opened a new issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba%40%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039%40%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley edited a comment on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306%40%3Cissues.cordova.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"name": "FEDORA-2021-e49f936d9f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/"
},
{
"name": "FEDORA-2021-f278299902",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240808-0003/"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/14"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-23358",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T15:48:41.938375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T15:48:53.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "underscore",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.13.0-0",
"versionType": "custom"
},
{
"lessThan": "1.13.0-2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "1.3.2",
"versionType": "custom"
},
{
"lessThan": "1.12.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alessio Della Libera (@d3lla)"
}
],
"datePublic": "2021-03-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 3,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary Code Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-24T04:06:09.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71"
},
{
"name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2613-1] underscore security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html"
},
{
"name": "DSA-4883",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4883"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek closed issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf%40%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1%40%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley opened a new issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba%40%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039%40%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley edited a comment on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306%40%3Cissues.cordova.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"name": "FEDORA-2021-e49f936d9f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/"
},
{
"name": "FEDORA-2021-f278299902",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/"
}
],
"title": "Arbitrary Code Injection",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-03-29T13:13:50.579077Z",
"ID": "CVE-2021-23358",
"STATE": "PUBLIC",
"TITLE": "Arbitrary Code Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "underscore",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.13.0-0"
},
{
"version_affected": "\u003c",
"version_value": "1.13.0-2"
},
{
"version_affected": "\u003e=",
"version_value": "1.3.2"
},
{
"version_affected": "\u003c",
"version_value": "1.12.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Alessio Della Libera (@d3lla)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505"
},
{
"name": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71",
"refsource": "MISC",
"url": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71"
},
{
"name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2613-1] underscore security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html"
},
{
"name": "DSA-4883",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4883"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek closed issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley opened a new issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley edited a comment on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E"
},
{
"name": "https://www.tenable.com/security/tns-2021-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"name": "FEDORA-2021-e49f936d9f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/"
},
{
"name": "FEDORA-2021-f278299902",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2021-23358",
"datePublished": "2021-03-29T13:15:34.770Z",
"dateReserved": "2021-01-08T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:44:35.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-23358",
"date": "2026-05-28",
"epss": "0.01452",
"percentile": "0.81088"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-23358\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2021-03-29T14:15:18.047\",\"lastModified\":\"2025-11-03T22:15:47.570\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.\"},{\"lang\":\"es\",\"value\":\"El paquete underscore desde la versi\u00f3n 1.13.0-0 y anterior a la versi\u00f3n 1.13.0-2, desde la versi\u00f3n 1.3.2 y anterior a la versi\u00f3n 1.12.1, son vulnerables a una ejecuci\u00f3n de c\u00f3digo arbitraria por medio de la funci\u00f3n template, particularmente cuando una propiedad variable es pasada como un argumento ya que no es saneado\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":0.7,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:underscorejs:underscore:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"1.3.2\",\"versionEndExcluding\":\"1.12.1\",\"matchCriteriaId\":\"D9AD5E3F-19FE-436D-9772-67697CF90FA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:underscorejs:underscore:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"1.13.0-0\",\"versionEndExcluding\":\"1.13.0-2\",\"matchCriteriaId\":\"189D2A24-FEEA-4052-9EE3-DAA855476F24\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.18.0\",\"matchCriteriaId\":\"04CA4C0E-255A-4763-AC31-7FE81F720EA3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}],\"references\":[{\"url\":\"https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71\",\"source\":\"report@snyk.io\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1%40%3Cissues.cordova.apache.org%3E\",\"source\":\"report@snyk.io\"},{\"url\":\"https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306%40%3Cissues.cordova.apache.org%3E\",\"source\":\"report@snyk.io\"},{\"url\":\"https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba%40%3Cissues.cordova.apache.org%3E\",\"source\":\"report@snyk.io\"},{\"url\":\"https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039%40%3Cissues.cordova.apache.org%3E\",\"source\":\"report@snyk.io\"},{\"url\":\"https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf%40%3Cissues.cordova.apache.org%3E\",\"source\":\"report@snyk.io\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html\",\"source\":\"report@snyk.io\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/\",\"source\":\"report@snyk.io\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/\",\"source\":\"report@snyk.io\"},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4883\",\"source\":\"report@snyk.io\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-14\",\"source\":\"report@snyk.io\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2025/Apr/14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1%40%3Cissues.cordova.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306%40%3Cissues.cordova.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba%40%3Cissues.cordova.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039%40%3Cissues.cordova.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf%40%3Cissues.cordova.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240808-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20241108-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4883\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2021-14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html\", \"name\": \"[debian-lts-announce] 20210331 [SECURITY] [DLA 2613-1] underscore security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4883\", \"name\": \"DSA-4883\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf%40%3Cissues.cordova.apache.org%3E\", \"name\": \"[cordova-issues] 20210414 [GitHub] [cordova-common] breautek closed issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1%40%3Cissues.cordova.apache.org%3E\", \"name\": \"[cordova-issues] 20210414 [GitHub] [cordova-common] breautek commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba%40%3Cissues.cordova.apache.org%3E\", \"name\": \"[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley opened a new issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039%40%3Cissues.cordova.apache.org%3E\", \"name\": \"[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306%40%3Cissues.cordova.apache.org%3E\", \"name\": \"[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley edited a comment on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.tenable.com/security/tns-2021-14\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/\", \"name\": \"FEDORA-2021-e49f936d9f\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/\", \"name\": \"FEDORA-2021-f278299902\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240808-0003/\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Apr/14\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20241108-0002/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:44:35.654Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-23358\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-29T15:48:41.938375Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-29T15:48:49.607Z\"}}], \"cna\": {\"title\": \"Arbitrary Code Injection\", \"credits\": [{\"lang\": \"en\", \"value\": \"Alessio Della Libera (@d3lla)\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C\", \"temporalScore\": 3, \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"remediationLevel\": \"OFFICIAL_FIX\", \"reportConfidence\": \"CONFIRMED\", \"temporalSeverity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"exploitCodeMaturity\": \"PROOF_OF_CONCEPT\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"underscore\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.13.0-0\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"1.13.0-2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.3.2\", \"lessThan\": \"unspecified\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"1.12.1\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2021-03-29T00:00:00.000Z\", \"references\": [{\"url\": \"https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html\", \"name\": \"[debian-lts-announce] 20210331 [SECURITY] [DLA 2613-1] underscore security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4883\", \"name\": \"DSA-4883\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf%40%3Cissues.cordova.apache.org%3E\", \"name\": \"[cordova-issues] 20210414 [GitHub] [cordova-common] breautek closed issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1%40%3Cissues.cordova.apache.org%3E\", \"name\": \"[cordova-issues] 20210414 [GitHub] [cordova-common] breautek commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba%40%3Cissues.cordova.apache.org%3E\", \"name\": \"[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley opened a new issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039%40%3Cissues.cordova.apache.org%3E\", \"name\": \"[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306%40%3Cissues.cordova.apache.org%3E\", \"name\": \"[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley edited a comment on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.tenable.com/security/tns-2021-14\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/\", \"name\": \"FEDORA-2021-e49f936d9f\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/\", \"name\": \"FEDORA-2021-f278299902\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Arbitrary Code Injection\"}]}], \"providerMetadata\": {\"orgId\": \"bae035ff-b466-4ff4-94d0-fc9efd9e1730\", \"shortName\": \"snyk\", \"dateUpdated\": \"2021-08-24T04:06:09.000Z\"}, \"x_legacyV4Record\": {\"credit\": [{\"lang\": \"eng\", \"value\": \"Alessio Della Libera (@d3lla)\"}], \"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"1.13.0-0\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"1.13.0-2\", \"version_affected\": \"\u003c\"}, {\"version_value\": \"1.3.2\", \"version_affected\": \"\u003e=\"}, {\"version_value\": \"1.12.1\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"underscore\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984\", \"name\": \"https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984\", \"refsource\": \"MISC\"}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503\", \"name\": \"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503\", \"refsource\": \"MISC\"}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504\", \"name\": \"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504\", \"refsource\": \"MISC\"}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505\", \"name\": \"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71\", \"name\": \"https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71\", \"refsource\": \"MISC\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html\", \"name\": \"[debian-lts-announce] 20210331 [SECURITY] [DLA 2613-1] underscore security update\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.debian.org/security/2021/dsa-4883\", \"name\": \"DSA-4883\", \"refsource\": \"DEBIAN\"}, {\"url\": \"https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E\", \"name\": \"[cordova-issues] 20210414 [GitHub] [cordova-common] breautek closed issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E\", \"name\": \"[cordova-issues] 20210414 [GitHub] [cordova-common] breautek commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E\", \"name\": \"[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley opened a new issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E\", \"name\": \"[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358\", \"refsource\": \"MLIST\"}, {\"url\": \"https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E\", \"name\": \"[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley edited a comment on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.tenable.com/security/tns-2021-14\", \"name\": \"https://www.tenable.com/security/tns-2021-14\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/\", \"name\": \"FEDORA-2021-e49f936d9f\", \"refsource\": \"FEDORA\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/\", \"name\": \"FEDORA-2021-f278299902\", \"refsource\": \"FEDORA\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Arbitrary Code Injection\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-23358\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Arbitrary Code Injection\", \"ASSIGNER\": \"report@snyk.io\", \"DATE_PUBLIC\": \"2021-03-29T13:13:50.579077Z\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-23358\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T21:44:35.654Z\", \"dateReserved\": \"2021-01-08T00:00:00.000Z\", \"assignerOrgId\": \"bae035ff-b466-4ff4-94d0-fc9efd9e1730\", \"datePublished\": \"2021-03-29T13:15:34.770Z\", \"assignerShortName\": \"snyk\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2021-23358
Vulnerability from fkie_nvd - Published: 2021-03-29 14:15 - Updated: 2025-11-03 22:15
Severity
3.3 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| underscorejs | underscore | * | |
| underscorejs | underscore | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| tenable | tenable.sc | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:underscorejs:underscore:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "D9AD5E3F-19FE-436D-9772-67697CF90FA2",
"versionEndExcluding": "1.12.1",
"versionStartIncluding": "1.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:underscorejs:underscore:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "189D2A24-FEEA-4052-9EE3-DAA855476F24",
"versionEndExcluding": "1.13.0-2",
"versionStartIncluding": "1.13.0-0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04CA4C0E-255A-4763-AC31-7FE81F720EA3",
"versionEndIncluding": "5.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized."
},
{
"lang": "es",
"value": "El paquete underscore desde la versi\u00f3n 1.13.0-0 y anterior a la versi\u00f3n 1.13.0-2, desde la versi\u00f3n 1.3.2 y anterior a la versi\u00f3n 1.12.1, son vulnerables a una ejecuci\u00f3n de c\u00f3digo arbitraria por medio de la funci\u00f3n template, particularmente cuando una propiedad variable es pasada como un argumento ya que no es saneado"
}
],
"id": "CVE-2021-23358",
"lastModified": "2025-11-03T22:15:47.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 2.5,
"source": "report@snyk.io",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-29T14:15:18.047",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Broken Link"
],
"url": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71"
},
{
"source": "report@snyk.io",
"url": "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1%40%3Cissues.cordova.apache.org%3E"
},
{
"source": "report@snyk.io",
"url": "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306%40%3Cissues.cordova.apache.org%3E"
},
{
"source": "report@snyk.io",
"url": "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba%40%3Cissues.cordova.apache.org%3E"
},
{
"source": "report@snyk.io",
"url": "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039%40%3Cissues.cordova.apache.org%3E"
},
{
"source": "report@snyk.io",
"url": "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf%40%3Cissues.cordova.apache.org%3E"
},
{
"source": "report@snyk.io",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html"
},
{
"source": "report@snyk.io",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/"
},
{
"source": "report@snyk.io",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/"
},
{
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504"
},
{
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505"
},
{
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503"
},
{
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984"
},
{
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4883"
},
{
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2025/Apr/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1%40%3Cissues.cordova.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306%40%3Cissues.cordova.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba%40%3Cissues.cordova.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039%40%3Cissues.cordova.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf%40%3Cissues.cordova.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240808-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4883"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-14"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-CF4H-3JHX-XVHQ
Vulnerability from github – Published: 2021-05-06 16:09 – Updated: 2025-11-04 16:33
VLAI
Summary
Arbitrary Code Execution in underscore
Details
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
Severity
9.8 (Critical)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "underscore"
},
"ranges": [
{
"events": [
{
"introduced": "1.3.2"
},
{
"fixed": "1.12.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23358"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-31T21:59:00Z",
"nvd_published_at": "2021-03-29T14:15:00Z",
"severity": "CRITICAL"
},
"details": "The package `underscore` from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized.",
"id": "GHSA-cf4h-3jhx-xvhq",
"modified": "2025-11-04T16:33:59Z",
"published": "2021-05-06T16:09:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358"
},
{
"type": "WEB",
"url": "https://github.com/jashkenas/underscore/pull/2917"
},
{
"type": "WEB",
"url": "https://github.com/jashkenas/underscore/commit/4c73526d43838ad6ab43a6134728776632adeb66"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/underscore"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4883"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241108-0002"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240808-0003"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf%40%3Cissues.cordova.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039%40%3Cissues.cordova.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba%40%3Cissues.cordova.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306%40%3Cissues.cordova.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1%40%3Cissues.cordova.apache.org%3E"
},
{
"type": "WEB",
"url": "https://github.com/jashkenas/underscore/releases/tag/1.12.1"
},
{
"type": "WEB",
"url": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71"
},
{
"type": "PACKAGE",
"url": "https://github.com/jashkenas/underscore"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Apr/14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Arbitrary Code Execution in underscore"
}
GSD-2021-23358
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-23358",
"description": "The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.",
"id": "GSD-2021-23358",
"references": [
"https://www.suse.com/security/cve/CVE-2021-23358.html",
"https://www.debian.org/security/2021/dsa-4883",
"https://access.redhat.com/errata/RHSA-2021:2865",
"https://access.redhat.com/errata/RHSA-2021:1499",
"https://access.redhat.com/errata/RHSA-2021:1448",
"https://ubuntu.com/security/CVE-2021-23358",
"https://advisories.mageia.org/CVE-2021-23358.html",
"https://access.redhat.com/errata/RHSA-2022:6393"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-23358"
],
"details": "The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.",
"id": "GSD-2021-23358",
"modified": "2023-12-13T01:23:30.328136Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-03-29T13:13:50.579077Z",
"ID": "CVE-2021-23358",
"STATE": "PUBLIC",
"TITLE": "Arbitrary Code Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "underscore",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "1.13.0-0"
},
{
"version_affected": "\u003c",
"version_value": "1.13.0-2"
},
{
"version_affected": "\u003e=",
"version_value": "1.3.2"
},
{
"version_affected": "\u003c",
"version_value": "1.12.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Alessio Della Libera (@d3lla)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": " Arbitrary Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505"
},
{
"name": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71",
"refsource": "MISC",
"url": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71"
},
{
"name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2613-1] underscore security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html"
},
{
"name": "DSA-4883",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4883"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek closed issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley opened a new issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley edited a comment on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E"
},
{
"name": "https://www.tenable.com/security/tns-2021-14",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"name": "FEDORA-2021-e49f936d9f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/"
},
{
"name": "FEDORA-2021-f278299902",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=1.3.2 \u003c1.12.1||\u003e=1.13.0-0 \u003c1.13.0-2",
"affected_versions": "All versions starting from 1.3.2 before 1.12.1, all versions starting from 1.13.0-0 before 1.13.0-2",
"cvss_v2": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937",
"CWE-94"
],
"date": "2021-09-22",
"description": "The underscore package is are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.",
"fixed_versions": [
"1.12.1",
"1.13.1"
],
"identifier": "CVE-2021-23358",
"identifiers": [
"CVE-2021-23358"
],
"not_impacted": "All versions before 1.3.2, all versions starting from 1.12.1 before 1.13.0-0, all versions starting from 1.13.0-2",
"package_slug": "npm/underscore",
"pubdate": "2021-03-29",
"solution": "Upgrade to versions 1.12.1, 1.13.1 or above.",
"title": "Code Injection",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-23358"
],
"uuid": "8a3c5e90-404a-48ab-a4a4-d1287d5e694f"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:underscorejs:underscore:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "1.12.1",
"versionStartIncluding": "1.3.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:underscorejs:underscore:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "1.13.0-2",
"versionStartIncluding": "1.13.0-0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.18.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2021-23358"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505"
},
{
"name": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71",
"refsource": "MISC",
"tags": [
"Broken Link"
],
"url": "https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71"
},
{
"name": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503"
},
{
"name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2613-1] underscore security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html"
},
{
"name": "DSA-4883",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4883"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek closed issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] breautek commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley opened a new issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley edited a comment on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E"
},
{
"name": "[cordova-issues] 20210414 [GitHub] [cordova-common] RichardMcSorley commented on issue #163: Security Vulnerability in underscore \u003c= 1.12.0 CVE-2021-23358",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E"
},
{
"name": "https://www.tenable.com/security/tns-2021-14",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2021-14"
},
{
"name": "FEDORA-2021-e49f936d9f",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/"
},
{
"name": "FEDORA-2021-f278299902",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-09-22T19:49Z",
"publishedDate": "2021-03-29T14:15Z"
}
}
}
MSRC_CVE-2021-23358
Vulnerability from csaf_microsoft - Published: 2021-03-02 00:00 - Updated: 2026-02-18 14:38Summary
Arbitrary Code Injection
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
CWE-94
- Improper Control of Generation of Code ('Code Injection')
Affected products
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-1 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2021-23358 Arbitrary Code Injection - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-23358.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Arbitrary Code Injection",
"tracking": {
"current_release_date": "2026-02-18T14:38:25.000Z",
"generator": {
"date": "2026-02-26T08:07:32.766Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2021-23358",
"initial_release_date": "2021-03-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-09-03T21:42:37.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-02-18T14:38:25.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"category": "product_name",
"name": "azl3 mozjs 102.15.1-1",
"product": {
"name": "azl3 mozjs 102.15.1-1",
"product_id": "1"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 mozjs 102.15.1-1 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23358",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0026#39;Code Injection\u0026#39;)"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-1"
]
}
],
"notes": [
{
"category": "general",
"text": "snyk",
"title": "Assigning CNA"
}
],
"product_status": {
"known_not_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-23358 Arbitrary Code Injection - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-23358.json"
}
],
"title": "Arbitrary Code Injection"
}
]
}
NCSC-2024-0413
Vulnerability from csaf_ncscnl - Published: 2024-10-17 13:17 - Updated: 2024-10-17 13:17Summary
Kwetsbaarheden verholpen in Oracle Commerce
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in Commerce.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipuleren van data
- Toegang tot gevoelige gegevens
- Uitvoer van willekeurige code (Gebruikersrechten)
- Uitvoer van willekeurige code (Administratorrechten)
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-755: Improper Handling of Exceptional Conditions
CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CWE-552: Files or Directories Accessible to External Parties
CWE-404: Improper Resource Shutdown or Release
CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-400: Uncontrolled Resource Consumption
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-611: Improper Restriction of XML External Entity Reference
CWE-20: Improper Input Validation
7.5 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
commerce_guided_search
oracle
|
cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.0:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.1:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.4.0:*:*:*:*:*:*:*
|
— |
5.3 (Medium)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
commerce_guided_search
oracle
|
cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*
|
— | |
|
oracle_commerce_guided_search
oracle
|
cpe:2.3:a:oracle:oracle_commerce_guided_search:*:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.0:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.1:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.4.0:*:*:*:*:*:*:*
|
— |
7.2 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
commerce_guided_search
oracle
|
cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.0:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.1:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.4.0:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
commerce_guided_search
oracle
|
cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.0:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.1:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.4.0:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
commerce_guided_search
oracle
|
cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.0:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.1:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.4.0:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*
|
— |
7.1 (High)
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
oracle_commerce_guided_search
oracle
|
cpe:2.3:a:oracle:oracle_commerce_guided_search:*:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.0:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.1:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.4.0:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*
|
— | |
|
commerce_guided_search
oracle
|
cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
oracle_commerce_platform
oracle
|
cpe:2.3:a:oracle:oracle_commerce_platform:*:*:*:*:*:*:*:*
|
— | |
|
oracle_commerce_guided_search
oracle
|
cpe:2.3:a:oracle:oracle_commerce_guided_search:*:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.0:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.1:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.4.0:*:*:*:*:*:*:*
|
— | |
|
commerce_guided_search
oracle
|
cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*
|
— |
5.9 (Medium)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.0:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.1:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.4.0:*:*:*:*:*:*:*
|
— | |
|
commerce_guided_search
oracle
|
cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*
|
— | |
|
commerce_platform
oracle
|
cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
commerce_guided_search
oracle
|
cpe:2.3:a:oracle:commerce_guided_search:11.4.0:*:*:*:*:*:*:*
|
— | |
|
commerce_guided_search
oracle
|
cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.0:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.1:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.3.2:*:*:*:*:*:*:*
|
— | |
|
commerce
oracle
|
cpe:2.3:a:oracle:commerce:11.4.0:*:*:*:*:*:*:*
|
— |
References
10 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Commerce.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Toegang tot gevoelige gegevens\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Uitvoer van willekeurige code (Administratorrechten)",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
"title": "CWE-917"
},
{
"category": "general",
"text": "Files or Directories Accessible to External Parties",
"title": "CWE-552"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; hkcert; nvd; oracle; redhat",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Commerce",
"tracking": {
"current_release_date": "2024-10-17T13:17:19.736602Z",
"id": "NCSC-2024-0413",
"initial_release_date": "2024-10-17T13:17:19.736602Z",
"revision_history": [
{
"date": "2024-10-17T13:17:19.736602Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "commerce",
"product": {
"name": "commerce",
"product_id": "CSAFPID-1674613",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:commerce:11.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "commerce",
"product": {
"name": "commerce",
"product_id": "CSAFPID-1674614",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:commerce:11.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "commerce",
"product": {
"name": "commerce",
"product_id": "CSAFPID-1674615",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:commerce:11.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "commerce",
"product": {
"name": "commerce",
"product_id": "CSAFPID-1674616",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:commerce:11.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "commerce_guided_search",
"product": {
"name": "commerce_guided_search",
"product_id": "CSAFPID-187449",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "commerce_guided_search",
"product": {
"name": "commerce_guided_search",
"product_id": "CSAFPID-1673502",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:commerce_guided_search:11.4.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "commerce_platform",
"product": {
"name": "commerce_platform",
"product_id": "CSAFPID-764898",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "commerce_platform",
"product": {
"name": "commerce_platform",
"product_id": "CSAFPID-220467",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "commerce_platform",
"product": {
"name": "commerce_platform",
"product_id": "CSAFPID-221115",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "commerce_platform",
"product": {
"name": "commerce_platform",
"product_id": "CSAFPID-220466",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_commerce_guided_search",
"product": {
"name": "oracle_commerce_guided_search",
"product_id": "CSAFPID-1650505",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:oracle_commerce_guided_search:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_commerce_platform",
"product": {
"name": "oracle_commerce_platform",
"product_id": "CSAFPID-1650560",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:oracle_commerce_platform:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-10172",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
}
],
"product_status": {
"known_affected": [
"CSAFPID-187449",
"CSAFPID-220467",
"CSAFPID-221115",
"CSAFPID-220466",
"CSAFPID-1674613",
"CSAFPID-1674614",
"CSAFPID-1674615",
"CSAFPID-1674616"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2019-10172",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-10172.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-187449",
"CSAFPID-220467",
"CSAFPID-221115",
"CSAFPID-220466",
"CSAFPID-1674613",
"CSAFPID-1674614",
"CSAFPID-1674615",
"CSAFPID-1674616"
]
}
],
"title": "CVE-2019-10172"
},
{
"cve": "CVE-2020-13956",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-187449",
"CSAFPID-220467",
"CSAFPID-221115",
"CSAFPID-220466",
"CSAFPID-764898",
"CSAFPID-1650505",
"CSAFPID-1674613",
"CSAFPID-1674614",
"CSAFPID-1674615",
"CSAFPID-1674616"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-13956",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13956.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-187449",
"CSAFPID-220467",
"CSAFPID-221115",
"CSAFPID-220466",
"CSAFPID-764898",
"CSAFPID-1650505",
"CSAFPID-1674613",
"CSAFPID-1674614",
"CSAFPID-1674615",
"CSAFPID-1674616"
]
}
],
"title": "CVE-2020-13956"
},
{
"cve": "CVE-2021-23358",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
}
],
"product_status": {
"known_affected": [
"CSAFPID-187449",
"CSAFPID-221115",
"CSAFPID-220466",
"CSAFPID-220467",
"CSAFPID-1674613",
"CSAFPID-1674614",
"CSAFPID-1674615",
"CSAFPID-1674616"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-23358",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-23358.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-187449",
"CSAFPID-221115",
"CSAFPID-220466",
"CSAFPID-220467",
"CSAFPID-1674613",
"CSAFPID-1674614",
"CSAFPID-1674615",
"CSAFPID-1674616"
]
}
],
"title": "CVE-2021-23358"
},
{
"cve": "CVE-2021-28170",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-187449",
"CSAFPID-220467",
"CSAFPID-221115",
"CSAFPID-220466",
"CSAFPID-1674613",
"CSAFPID-1674614",
"CSAFPID-1674615",
"CSAFPID-1674616"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-28170",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-28170.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-187449",
"CSAFPID-220467",
"CSAFPID-221115",
"CSAFPID-220466",
"CSAFPID-1674613",
"CSAFPID-1674614",
"CSAFPID-1674615",
"CSAFPID-1674616"
]
}
],
"title": "CVE-2021-28170"
},
{
"cve": "CVE-2022-46337",
"product_status": {
"known_affected": [
"CSAFPID-187449",
"CSAFPID-220466",
"CSAFPID-1674613",
"CSAFPID-1674614",
"CSAFPID-1674615",
"CSAFPID-1674616",
"CSAFPID-220467",
"CSAFPID-221115"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-46337",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-46337.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-187449",
"CSAFPID-220466",
"CSAFPID-1674613",
"CSAFPID-1674614",
"CSAFPID-1674615",
"CSAFPID-1674616",
"CSAFPID-220467",
"CSAFPID-221115"
]
}
],
"title": "CVE-2022-46337"
},
{
"cve": "CVE-2023-2976",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"notes": [
{
"category": "other",
"text": "Files or Directories Accessible to External Parties",
"title": "CWE-552"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650505",
"CSAFPID-220466",
"CSAFPID-1674613",
"CSAFPID-1674614",
"CSAFPID-1674615",
"CSAFPID-1674616",
"CSAFPID-220467",
"CSAFPID-221115",
"CSAFPID-187449"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-2976",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1650505",
"CSAFPID-220466",
"CSAFPID-1674613",
"CSAFPID-1674614",
"CSAFPID-1674615",
"CSAFPID-1674616",
"CSAFPID-220467",
"CSAFPID-221115",
"CSAFPID-187449"
]
}
],
"title": "CVE-2023-2976"
},
{
"cve": "CVE-2023-20863",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
"title": "CWE-917"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650560",
"CSAFPID-1650505",
"CSAFPID-1674613",
"CSAFPID-1674614",
"CSAFPID-1674615",
"CSAFPID-1674616",
"CSAFPID-187449",
"CSAFPID-220466",
"CSAFPID-220467",
"CSAFPID-221115"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-20863",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-20863.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650560",
"CSAFPID-1650505",
"CSAFPID-1674613",
"CSAFPID-1674614",
"CSAFPID-1674615",
"CSAFPID-1674616",
"CSAFPID-187449",
"CSAFPID-220466",
"CSAFPID-220467",
"CSAFPID-221115"
]
}
],
"title": "CVE-2023-20863"
},
{
"cve": "CVE-2024-26308",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1674613",
"CSAFPID-1674614",
"CSAFPID-1674615",
"CSAFPID-1674616",
"CSAFPID-187449",
"CSAFPID-220466",
"CSAFPID-220467",
"CSAFPID-221115"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-26308",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1674613",
"CSAFPID-1674614",
"CSAFPID-1674615",
"CSAFPID-1674616",
"CSAFPID-187449",
"CSAFPID-220466",
"CSAFPID-220467",
"CSAFPID-221115"
]
}
],
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-34750",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673502",
"CSAFPID-187449",
"CSAFPID-1674613",
"CSAFPID-1674614",
"CSAFPID-1674615",
"CSAFPID-1674616"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34750",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1673502",
"CSAFPID-187449",
"CSAFPID-1674613",
"CSAFPID-1674614",
"CSAFPID-1674615",
"CSAFPID-1674616"
]
}
],
"title": "CVE-2024-34750"
}
]
}
OPENSUSE-SU-2021:0601-1
Vulnerability from csaf_opensuse - Published: 2021-04-23 10:46 - Updated: 2021-04-23 10:46Summary
Security update for nodejs-underscore
Severity
Important
Notes
Title of the patch: Security update for nodejs-underscore
Description of the patch: This update for nodejs-underscore fixes the following issues:
Update version to 1.13.1
* Fix security issue (boo#1184800, CVE-2021-23358)
* Fix bugs
* Many new features
Patchnames: openSUSE-2021-601
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.2 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:nodejs-underscore-1.13.1-lp152.4.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nodejs-underscore",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nodejs-underscore fixes the following issues:\n\nUpdate version to 1.13.1\n\n* Fix security issue (boo#1184800, CVE-2021-23358)\n* Fix bugs\n* Many new features\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-601",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0601-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0601-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OYT735UU6WLJPI53DIIUEZ4OG2ZZSATO/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0601-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OYT735UU6WLJPI53DIIUEZ4OG2ZZSATO/"
},
{
"category": "self",
"summary": "SUSE Bug 1184800",
"url": "https://bugzilla.suse.com/1184800"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23358 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23358/"
}
],
"title": "Security update for nodejs-underscore",
"tracking": {
"current_release_date": "2021-04-23T10:46:45Z",
"generator": {
"date": "2021-04-23T10:46:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0601-1",
"initial_release_date": "2021-04-23T10:46:45Z",
"revision_history": [
{
"date": "2021-04-23T10:46:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nodejs-underscore-1.13.1-lp152.4.3.1.noarch",
"product": {
"name": "nodejs-underscore-1.13.1-lp152.4.3.1.noarch",
"product_id": "nodejs-underscore-1.13.1-lp152.4.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-underscore-1.13.1-lp152.4.3.1.noarch as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:nodejs-underscore-1.13.1-lp152.4.3.1.noarch"
},
"product_reference": "nodejs-underscore-1.13.1-lp152.4.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23358"
}
],
"notes": [
{
"category": "general",
"text": "The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:nodejs-underscore-1.13.1-lp152.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23358",
"url": "https://www.suse.com/security/cve/CVE-2021-23358"
},
{
"category": "external",
"summary": "SUSE Bug 1184800 for CVE-2021-23358",
"url": "https://bugzilla.suse.com/1184800"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:nodejs-underscore-1.13.1-lp152.4.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:nodejs-underscore-1.13.1-lp152.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-23T10:46:45Z",
"details": "important"
}
],
"title": "CVE-2021-23358"
}
]
}
OPENSUSE-SU-2024:11095-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
nodejs-underscore-1.13.1-1.3 on GA media
Severity
Moderate
Notes
Title of the patch: nodejs-underscore-1.13.1-1.3 on GA media
Description of the patch: These are all security issues fixed in the nodejs-underscore-1.13.1-1.3 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11095
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.2 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "nodejs-underscore-1.13.1-1.3 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the nodejs-underscore-1.13.1-1.3 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11095",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11095-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23358 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23358/"
}
],
"title": "nodejs-underscore-1.13.1-1.3 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11095-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nodejs-underscore-1.13.1-1.3.aarch64",
"product": {
"name": "nodejs-underscore-1.13.1-1.3.aarch64",
"product_id": "nodejs-underscore-1.13.1-1.3.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-underscore-1.13.1-1.3.ppc64le",
"product": {
"name": "nodejs-underscore-1.13.1-1.3.ppc64le",
"product_id": "nodejs-underscore-1.13.1-1.3.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-underscore-1.13.1-1.3.s390x",
"product": {
"name": "nodejs-underscore-1.13.1-1.3.s390x",
"product_id": "nodejs-underscore-1.13.1-1.3.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-underscore-1.13.1-1.3.x86_64",
"product": {
"name": "nodejs-underscore-1.13.1-1.3.x86_64",
"product_id": "nodejs-underscore-1.13.1-1.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-underscore-1.13.1-1.3.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.aarch64"
},
"product_reference": "nodejs-underscore-1.13.1-1.3.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-underscore-1.13.1-1.3.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.ppc64le"
},
"product_reference": "nodejs-underscore-1.13.1-1.3.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-underscore-1.13.1-1.3.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.s390x"
},
"product_reference": "nodejs-underscore-1.13.1-1.3.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-underscore-1.13.1-1.3.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.x86_64"
},
"product_reference": "nodejs-underscore-1.13.1-1.3.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23358"
}
],
"notes": [
{
"category": "general",
"text": "The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.aarch64",
"openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.ppc64le",
"openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.s390x",
"openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23358",
"url": "https://www.suse.com/security/cve/CVE-2021-23358"
},
{
"category": "external",
"summary": "SUSE Bug 1184800 for CVE-2021-23358",
"url": "https://bugzilla.suse.com/1184800"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.aarch64",
"openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.ppc64le",
"openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.s390x",
"openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.aarch64",
"openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.ppc64le",
"openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.s390x",
"openSUSE Tumbleweed:nodejs-underscore-1.13.1-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23358"
}
]
}
OXAS-ADV-2025-0001
Vulnerability from csaf_ox - Published: 2025-01-27 00:00 - Updated: 2025-04-07 00:00Summary
OX App Suite Security Advisory OXAS-ADV-2025-0001
Severity
Critical
Notes
Terms of Use: This content is licensed under the Creative Commons Attribution-NoDerivatives 4.0 International License (https://creativecommons.org/licenses/by-nd/4.0/). If you distribute this content, you must provide attribution to Open-Xchange GmbH and provide a link to the original. You may not distribute a modified version of this content.
The DOMPurify third-party library has been updated to resolve known vulnerabilities.
10.0 (Critical)
Affected products
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OX App Suite frontend 7.10.6-rev49
Open-Xchange GmbH / OX App Suite frontend
|
cpe:2.3:a:open-xchange:app_suite:7.10.6:rev49:*:*:*:*:*:*
|
7.10.6-rev49 |
Vendor Fix
|
First fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OX App Suite frontend 7.10.6-rev50
Open-Xchange GmbH / OX App Suite frontend
|
cpe:2.3:a:open-xchange:app_suite:7.10.6:rev50:*:*:*:*:*:*
|
7.10.6-rev50 |
Threats
Impact
This is done as a precautionary measure, at this time none of the related vulnerabilities is known to be exploitable in context of OX App Suite.
Exploit Status
No publicly available exploits are known.
Several third-party libraries have been updated to resolve known vulnerabilities. This includes H2, Xalan, Liquibase and Spring Boot.
9.8 (Critical)
Affected products
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OX App Suite office 7.10.6-rev15
Open-Xchange GmbH / OX App Suite office
|
cpe:2.3:a:open-xchange:office:7.10.6:rev15:*:*:*:*:*:*
|
7.10.6-rev15 |
Vendor Fix
|
First fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OX App Suite office 7.10.6-rev16
Open-Xchange GmbH / OX App Suite office
|
cpe:2.3:a:open-xchange:office:7.10.6:rev16:*:*:*:*:*:*
|
7.10.6-rev16 |
Threats
Impact
This is done as a precautionary measure, at this time none of the related vulnerabilities is known to be exploitable in context of OX App Suite.
Exploit Status
No publicly available exploits are known.
Several third-party libraries have been updated to resolve known vulnerabilities. This includes grunt, dompurify, codecept, underscore and requirejs.
7.2 (High)
Affected products
Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OX App Suite office 7.10.6-rev11
Open-Xchange GmbH / OX App Suite office
|
cpe:2.3:a:open-xchange:office:7.10.6:rev11:*:*:*:*:*:*
|
7.10.6-rev11 |
Vendor Fix
|
First fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
OX App Suite office 7.10.6-rev12
Open-Xchange GmbH / OX App Suite office
|
cpe:2.3:a:open-xchange:office:7.10.6:rev12:*:*:*:*:*:*
|
7.10.6-rev12 |
Threats
Impact
This is done as a precautionary measure, at this time none of the related vulnerabilities is known to be exploitable in context of OX App Suite.
Exploit Status
No publicly available exploits are known.
References
5 references
{
"document": {
"aggregate_severity": {
"text": "CRITICAL"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Open-Xchange GmbH. All rights reserved.",
"tlp": {
"label": "GREEN",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution-NoDerivatives 4.0 International License (https://creativecommons.org/licenses/by-nd/4.0/). If you distribute this content, you must provide attribution to Open-Xchange GmbH and provide a link to the original. You may not distribute a modified version of this content.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"name": "Open-Xchange GmbH",
"namespace": "https://open-xchange.com/"
},
"references": [
{
"category": "external",
"summary": "Release Notes",
"url": "https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6304_7.10.6_2025-02-03.pdf"
},
{
"category": "self",
"summary": "Canonical CSAF document",
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2025/oxas-adv-2025-0001.json"
},
{
"category": "self",
"summary": "Markdown representation",
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/md/2025/oxas-adv-2025-0001.md"
},
{
"category": "self",
"summary": "HTML representation",
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/html/2025/oxas-adv-2025-0001.html"
},
{
"category": "self",
"summary": "Plain-text representation",
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/txt/2025/oxas-adv-2025-0001.txt"
}
],
"title": "OX App Suite Security Advisory OXAS-ADV-2025-0001",
"tracking": {
"current_release_date": "2025-04-07T00:00:00+00:00",
"generator": {
"date": "2025-04-07T06:54:13+00:00",
"engine": {
"name": "OX CSAF",
"version": "1.0.0"
}
},
"id": "OXAS-ADV-2025-0001",
"initial_release_date": "2025-01-27T00:00:00+01:00",
"revision_history": [
{
"date": "2025-01-27T00:00:00+01:00",
"number": "1",
"summary": "Initial release"
},
{
"date": "2025-04-07T00:00:00+00:00",
"number": "2",
"summary": "Public release"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.10.6-rev49",
"product": {
"name": "OX App Suite frontend 7.10.6-rev49",
"product_id": "OXAS-FRONTEND_7.10.6-rev49",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev49:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "7.10.6-rev50",
"product": {
"name": "OX App Suite frontend 7.10.6-rev50",
"product_id": "OXAS-FRONTEND_7.10.6-rev50",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:app_suite:7.10.6:rev50:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
"uri": "urn:open-xchange:app_suite:patch-id:6304"
}
]
}
}
}
],
"category": "product_name",
"name": "OX App Suite frontend"
},
{
"branches": [
{
"category": "product_version",
"name": "7.10.6-rev15",
"product": {
"name": "OX App Suite office 7.10.6-rev15",
"product_id": "OXAS-OFFICE_7.10.6-rev15",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:office:7.10.6:rev15:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "7.10.6-rev16",
"product": {
"name": "OX App Suite office 7.10.6-rev16",
"product_id": "OXAS-OFFICE_7.10.6-rev16",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:office:7.10.6:rev16:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
"uri": "urn:open-xchange:app_suite:patch-id:6304"
}
]
}
}
},
{
"category": "product_version",
"name": "7.10.6-rev11",
"product": {
"name": "OX App Suite office 7.10.6-rev11",
"product_id": "OXAS-OFFICE_7.10.6-rev11",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:office:7.10.6:rev11:*:*:*:*:*:*"
}
}
},
{
"category": "product_version",
"name": "7.10.6-rev12",
"product": {
"name": "OX App Suite office 7.10.6-rev12",
"product_id": "OXAS-OFFICE_7.10.6-rev12",
"product_identification_helper": {
"cpe": "cpe:2.3:a:open-xchange:office:7.10.6:rev12:*:*:*:*:*:*",
"x_generic_uris": [
{
"namespace": "https://documentation.open-xchange.com/appsuite/security/advisories/#urn-parsing",
"uri": "urn:open-xchange:app_suite:patch-id:6304"
}
]
}
}
}
],
"category": "product_name",
"name": "OX App Suite office"
}
],
"category": "vendor",
"name": "Open-Xchange GmbH"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47875",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-12-13T10:21:37.494000+01:00",
"ids": [
{
"system_name": "GitLab Issue",
"text": "appsuite/web-apps/ui#785"
}
],
"notes": [
{
"category": "description",
"text": "The DOMPurify third-party library has been updated to resolve known vulnerabilities."
}
],
"product_status": {
"first_fixed": [
"OXAS-FRONTEND_7.10.6-rev50"
],
"last_affected": [
"OXAS-FRONTEND_7.10.6-rev49"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-08T08:55:19.495000+01:00",
"details": "Third-party libraries have been updated.",
"product_ids": [
"OXAS-FRONTEND_7.10.6-rev49"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"OXAS-FRONTEND_7.10.6-rev49"
]
}
],
"threats": [
{
"category": "impact",
"details": "This is done as a precautionary measure, at this time none of the related vulnerabilities is known to be exploitable in context of OX App Suite."
},
{
"category": "exploit_status",
"details": "No publicly available exploits are known."
}
],
"title": "Vulnerable DOMPurify shipped with App Suite 7.10.6 and 7.6.3"
},
{
"cve": "CVE-2022-0839",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2023-09-12T10:35:52+02:00",
"ids": [
{
"system_name": "JIRA OX Bug",
"text": "DOCS-5081"
}
],
"notes": [
{
"category": "description",
"text": "Several third-party libraries have been updated to resolve known vulnerabilities. This includes H2, Xalan, Liquibase and Spring Boot."
}
],
"product_status": {
"first_fixed": [
"OXAS-OFFICE_7.10.6-rev16"
],
"last_affected": [
"OXAS-OFFICE_7.10.6-rev15"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-03T16:27:44+01:00",
"details": "Third-party libraries have been updated.",
"product_ids": [
"OXAS-OFFICE_7.10.6-rev15"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"OXAS-OFFICE_7.10.6-rev15"
]
}
],
"threats": [
{
"category": "impact",
"details": "This is done as a precautionary measure, at this time none of the related vulnerabilities is known to be exploitable in context of OX App Suite."
},
{
"category": "exploit_status",
"details": "No publicly available exploits are known."
}
],
"title": "Resolving third-party vulnerabilities in the office master (7.10.6) repo"
},
{
"cve": "CVE-2021-23358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-12-12T10:50:59+01:00",
"ids": [
{
"system_name": "JIRA OX Bug",
"text": "DOCS-5338"
}
],
"notes": [
{
"category": "description",
"text": "Several third-party libraries have been updated to resolve known vulnerabilities. This includes grunt, dompurify, codecept, underscore and requirejs."
}
],
"product_status": {
"first_fixed": [
"OXAS-OFFICE_7.10.6-rev12"
],
"last_affected": [
"OXAS-OFFICE_7.10.6-rev11"
]
},
"remediations": [
{
"category": "vendor_fix",
"date": "2025-01-27T16:08:03+01:00",
"details": "Third-party libraries have been updated.",
"product_ids": [
"OXAS-OFFICE_7.10.6-rev11"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"OXAS-OFFICE_7.10.6-rev11"
]
}
],
"threats": [
{
"category": "impact",
"details": "This is done as a precautionary measure, at this time none of the related vulnerabilities is known to be exploitable in context of OX App Suite."
},
{
"category": "exploit_status",
"details": "No publicly available exploits are known."
}
],
"title": "Resolving third-party vulnerabilities in the office-ui master (7.10.6) repo"
}
]
}
RHSA-2021:1448
Vulnerability from csaf_redhat - Published: 2021-04-28 16:58 - Updated: 2026-02-26 07:21Summary
Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.0.10 security and bug fix updates
Severity
Moderate
Notes
Topic: Red Hat Advanced Cluster Management for Kubernetes 2.0.10 General
Availability release, which fixes bugs and security issues.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: Red Hat Advanced Cluster Management for Kubernetes 2.0.10 images
Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments. Clusters and applications are all visible and
managed from a single console—with security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which resolve some security issues and bugs. See
the following Release Notes documentation, which will be updated shortly
for this release, for details about this
release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html/release_notes/
Security fixes:
* nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)
For more details about the security issue, including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bug fix:
* RHACM 2.0.10 images (BZ #1940452)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.2 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACM-2.0:rhacm2/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Advanced Cluster Management for Kubernetes 2.0.10 General\nAvailability release, which fixes bugs and security issues.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Advanced Cluster Management for Kubernetes 2.0.10 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which resolve some security issues and bugs. See\nthe following Release Notes documentation, which will be updated shortly\nfor this release, for details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html/release_notes/\n\nSecurity fixes: \n\n* nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)\n\nFor more details about the security issue, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug fix:\n\n* RHACM 2.0.10 images (BZ #1940452)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:1448",
"url": "https://access.redhat.com/errata/RHSA-2021:1448"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1940452",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940452"
},
{
"category": "external",
"summary": "1944286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1448.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.0.10 security and bug fix updates",
"tracking": {
"current_release_date": "2026-02-26T07:21:20+00:00",
"generator": {
"date": "2026-02-26T07:21:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2021:1448",
"initial_release_date": "2021-04-28T16:58:10+00:00",
"revision_history": [
{
"date": "2021-04-28T16:58:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-04-28T16:58:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-26T07:21:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.0 for RHEL 8",
"product": {
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.0 for RHEL 8",
"product_id": "8Base-RHACM-2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:acm:2.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat ACM"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9_amd64",
"product": {
"name": "rhacm2/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9_amd64",
"product_id": "rhacm2/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/acm-operator-bundle\u0026tag=v2.0.10-8"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.0 for RHEL 8",
"product_id": "8Base-RHACM-2.0:rhacm2/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9_amd64"
},
"product_reference": "rhacm2/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9_amd64",
"relates_to_product_reference": "8Base-RHACM-2.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23358",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2021-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1944286"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-underscore: Arbitrary code execution via the template function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Whilst the OpenShift Container Platform (OCP) openshift4/ose-grafana and openshift3/grafana as well as console, grc-ui and search-ui containers for Red Hat Advanced Management for Kubernetes (RHACM) include the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Additionally this library is used in openshift4/ose-grafana container only in Grafana End-to-End Test package. Therefore the impact by this flaw is reduced to Low and the affected OCP components are marked as \"will not fix\" at this time and to Moderate for the affected RHACM components. This might be fixed in a future release.\n\nRed Hat Enterprise Virtualization includes the vulnerable underscore library, however it is not parsing any untrusted data, therefore impact is reduced to Low.\n\nBelow Red Hat products include the underscore dependency, but it is not used by the product and hence this issue has been rated as having a security impact of Low.\n\n* Red Hat Quay\n* Red Hat Gluster Storage 3\n* Red Hat OpenShift Container Storage 4\n* Red Hat Ceph Storage 3 and 4",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACM-2.0:rhacm2/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23358"
},
{
"category": "external",
"summary": "RHBZ#1944286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358"
}
],
"release_date": "2021-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-04-28T16:58:10+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html-single/install/index#installing",
"product_ids": [
"8Base-RHACM-2.0:rhacm2/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1448"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACM-2.0:rhacm2/acm-operator-bundle@sha256:ea42543f1127fd6ec53cf7f6c7f61f3e0b62f1b210844584d89d60c4bf53fef9_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-underscore: Arbitrary code execution via the template function"
}
]
}
RHSA-2021:1499
Vulnerability from csaf_redhat - Published: 2021-05-04 20:14 - Updated: 2026-04-30 16:09Summary
Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.2.3 security and bug fix update
Severity
Moderate
Notes
Topic: Red Hat Advanced Cluster Management for Kubernetes 2.2.3 General Availability
release images, which fix several bugs and security issues.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: Red Hat Advanced Cluster Management for Kubernetes 2.2.3 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to
address common challenges that administrators and site reliability engineers
face as they work across a range of public and private cloud environments.
Clusters and applications are all visible and managed from a single console—with
security policy built in.
This advisory contains the container images for Red Hat Advanced Cluster
Management for Kubernetes, which fix several bugs and security issues. See the
following Release Notes documentation, which will be updated shortly for this
release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/
Security fixes:
* nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)
* nodejs-netmask: improper input validation of octal input data (CVE-2021-28918)
* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)
* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)
* nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
pages listed in the References section.
Bug fixes:
* ACM UI is not escaping cluster names (BZ# 1936883)
* specify "folder:" for vsphere cluster creation result empty namespace ,no hive (BZ# 1943092)
* RHACM 2.2.3 images (BZ# 1949103)
* Applications won't create properly on native K8S cluster (BZ# 1951384)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent function. The highest threat from this vulnerability is to system availability.
7.5 (High)
Affected products
Fixed
77 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
7.2 (High)
Affected products
Fixed
77 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in is-svg package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS). The highest threat from this vulnerability is to availability.
7.5 (High)
Affected products
Fixed
77 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in nodejs-netmask. Octal input data may lead to a server-side request forgery, remote file inclusion, local file inclusion, and other vulnerabilities. The highest threat from this vulnerability is to data integrity.
9.1 (Critical)
Affected products
Fixed
77 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This (in some situations) allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for CVE-2021-28918.
5.3 (Medium)
Affected products
Fixed
77 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
34 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Advanced Cluster Management for Kubernetes 2.2.3 General Availability\nrelease images, which fix several bugs and security issues.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Advanced Cluster Management for Kubernetes 2.2.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the capabilities to\naddress common challenges that administrators and site reliability engineers\nface as they work across a range of public and private cloud environments.\nClusters and applications are all visible and managed from a single console\u2014with\nsecurity policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs and security issues. See the\nfollowing Release Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* nodejs-underscore: Arbitrary code execution via the template function (CVE-2021-23358)\n\n* nodejs-netmask: improper input validation of octal input data (CVE-2021-28918)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)\n\n* nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section.\n\nBug fixes: \n\n* ACM UI is not escaping cluster names (BZ# 1936883)\n\n* specify \"folder:\" for vsphere cluster creation result empty namespace ,no hive (BZ# 1943092)\n\n* RHACM 2.2.3 images (BZ# 1949103)\n\n* Applications won\u0027t create properly on native K8S cluster (BZ# 1951384)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:1499",
"url": "https://access.redhat.com/errata/RHSA-2021:1499"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1936883",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1936883"
},
{
"category": "external",
"summary": "1939103",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939103"
},
{
"category": "external",
"summary": "1944286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286"
},
{
"category": "external",
"summary": "1944822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944822"
},
{
"category": "external",
"summary": "1944827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944827"
},
{
"category": "external",
"summary": "1945459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459"
},
{
"category": "external",
"summary": "1949092",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949092"
},
{
"category": "external",
"summary": "1949103",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949103"
},
{
"category": "external",
"summary": "1951384",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951384"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1499.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.2.3 security and bug fix update",
"tracking": {
"current_release_date": "2026-04-30T16:09:25+00:00",
"generator": {
"date": "2026-04-30T16:09:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2021:1499",
"initial_release_date": "2021-05-04T20:14:19+00:00",
"revision_history": [
{
"date": "2021-05-04T20:14:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-05-04T20:14:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T16:09:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product": {
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:acm:2.2::el8"
}
}
},
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7",
"product": {
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7",
"product_id": "7Server-RHACM-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:acm:2.2::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat ACM"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64",
"product": {
"name": "rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64",
"product_id": "rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/acmesolver-rhel8\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64",
"product": {
"name": "rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64",
"product_id": "rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64",
"product_identification_helper": {
"purl": "pkg:oci/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/acm-must-gather-rhel8\u0026tag=v2.2.3-2"
}
}
},
{
"category": "product_version",
"name": "rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64",
"product": {
"name": "rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64",
"product_id": "rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/acm-operator-bundle\u0026tag=v2.2.3-10"
}
}
},
{
"category": "product_version",
"name": "rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64",
"product": {
"name": "rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64",
"product_id": "rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/application-ui-rhel8\u0026tag=v2.2.3-5"
}
}
},
{
"category": "product_version",
"name": "rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64",
"product": {
"name": "rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64",
"product_id": "rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/cainjector-rhel8\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64",
"product": {
"name": "rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64",
"product_id": "rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/cert-manager-controller-rhel8\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64",
"product": {
"name": "rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64",
"product_id": "rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/cert-manager-webhook-rhel8\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64",
"product": {
"name": "rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64",
"product_id": "rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/cert-policy-controller-rhel8\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64",
"product": {
"name": "rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64",
"product_id": "rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/clusterlifecycle-state-metrics-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64",
"product": {
"name": "rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64",
"product_id": "rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/configmap-watcher-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64",
"product": {
"name": "rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64",
"product_id": "rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64",
"product_identification_helper": {
"purl": "pkg:oci/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/config-policy-controller-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64",
"product": {
"name": "rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64",
"product_id": "rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/console-api-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64",
"product": {
"name": "rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64",
"product_id": "rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/console-rhel8\u0026tag=v2.2.3-5"
}
}
},
{
"category": "product_version",
"name": "rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64",
"product": {
"name": "rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64",
"product_id": "rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/console-header-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64",
"product": {
"name": "rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64",
"product_id": "rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/endpoint-component-rhel8-operator\u0026tag=v2.2.3-2"
}
}
},
{
"category": "product_version",
"name": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64",
"product": {
"name": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64",
"product_id": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64",
"product_identification_helper": {
"purl": "pkg:oci/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/endpoint-monitoring-rhel8-operator\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64",
"product": {
"name": "rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64",
"product_id": "rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/endpoint-rhel8-operator\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64",
"product": {
"name": "rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64",
"product_id": "rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-propagator-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64",
"product": {
"name": "rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64",
"product_id": "rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-spec-sync-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64",
"product": {
"name": "rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64",
"product_id": "rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-status-sync-rhel8\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64",
"product": {
"name": "rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64",
"product_id": "rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64",
"product_identification_helper": {
"purl": "pkg:oci/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-template-sync-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64",
"product": {
"name": "rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64",
"product_id": "rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/grafana-dashboard-loader-rhel8\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64",
"product": {
"name": "rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64",
"product_id": "rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/grc-ui-api-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64",
"product": {
"name": "rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64",
"product_id": "rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/grc-ui-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64",
"product": {
"name": "rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64",
"product_id": "rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/iam-policy-controller-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64",
"product": {
"name": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64",
"product_id": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/klusterlet-addon-lease-controller-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64",
"product": {
"name": "rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64",
"product_id": "rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64",
"product_identification_helper": {
"purl": "pkg:oci/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/klusterlet-operator-bundle\u0026tag=v2.2.3-8"
}
}
},
{
"category": "product_version",
"name": "rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64",
"product": {
"name": "rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64",
"product_id": "rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/kui-web-terminal-rhel8\u0026tag=v2.2.3-5"
}
}
},
{
"category": "product_version",
"name": "rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64",
"product": {
"name": "rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64",
"product_id": "rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/management-ingress-rhel7\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64",
"product": {
"name": "rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64",
"product_id": "rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/mcm-topology-api-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64",
"product": {
"name": "rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64",
"product_id": "rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/mcm-topology-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64",
"product": {
"name": "rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64",
"product_id": "rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/memcached-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64",
"product": {
"name": "rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64",
"product_id": "rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/memcached-exporter-rhel7\u0026tag=v2.2.3-2"
}
}
},
{
"category": "product_version",
"name": "rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64",
"product": {
"name": "rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64",
"product_id": "rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/metrics-collector-rhel8\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64",
"product": {
"name": "rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64",
"product_id": "rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicloud-manager-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64",
"product": {
"name": "rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64",
"product_id": "rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multiclusterhub-rhel8\u0026tag=v2.2.3-10"
}
}
},
{
"category": "product_version",
"name": "rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64",
"product": {
"name": "rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64",
"product_id": "rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multiclusterhub-repo-rhel8\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64",
"product": {
"name": "rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64",
"product_id": "rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-observability-rhel8-operator\u0026tag=v2.2.3-5"
}
}
},
{
"category": "product_version",
"name": "rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64",
"product": {
"name": "rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64",
"product_id": "rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-application-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64",
"product": {
"name": "rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64",
"product_id": "rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-channel-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64",
"product": {
"name": "rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64",
"product_id": "rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-deployable-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64",
"product": {
"name": "rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64",
"product_id": "rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-placementrule-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64",
"product": {
"name": "rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64",
"product_id": "rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-subscription-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64",
"product": {
"name": "rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64",
"product_id": "rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-subscription-release-rhel8\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64",
"product": {
"name": "rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64",
"product_id": "rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/observatorium-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64",
"product": {
"name": "rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64",
"product_id": "rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/observatorium-rhel8-operator\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64",
"product": {
"name": "rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64",
"product_id": "rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/openshift-hive-rhel7\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64",
"product": {
"name": "rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64",
"product_id": "rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/rbac-query-proxy-rhel8\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64",
"product": {
"name": "rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64",
"product_id": "rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/rcm-controller-rhel8\u0026tag=v2.2.3-5"
}
}
},
{
"category": "product_version",
"name": "rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64",
"product": {
"name": "rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64",
"product_id": "rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/redisgraph-tls-rhel8\u0026tag=v2.2.3-2"
}
}
},
{
"category": "product_version",
"name": "rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64",
"product": {
"name": "rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64",
"product_id": "rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64",
"product_identification_helper": {
"purl": "pkg:oci/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/registration-rhel8\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64",
"product": {
"name": "rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64",
"product_id": "rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/registration-rhel8-operator\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64",
"product": {
"name": "rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64",
"product_id": "rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/search-aggregator-rhel7\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64",
"product": {
"name": "rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64",
"product_id": "rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/search-api-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64",
"product": {
"name": "rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64",
"product_id": "rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64",
"product_identification_helper": {
"purl": "pkg:oci/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/search-collector-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64",
"product": {
"name": "rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64",
"product_id": "rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/search-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64",
"product": {
"name": "rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64",
"product_id": "rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64",
"product_identification_helper": {
"purl": "pkg:oci/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/search-ui-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64",
"product": {
"name": "rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64",
"product_id": "rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/submariner-addon-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64",
"product": {
"name": "rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64",
"product_id": "rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64",
"product_identification_helper": {
"purl": "pkg:oci/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/thanos-rhel7\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64",
"product": {
"name": "rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64",
"product_id": "rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64",
"product_identification_helper": {
"purl": "pkg:oci/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/thanos-receive-controller-rhel8\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64",
"product": {
"name": "rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64",
"product_id": "rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2/work-rhel8\u0026tag=v2.2.3-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x",
"product": {
"name": "rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x",
"product_id": "rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/cert-policy-controller-rhel8\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x",
"product": {
"name": "rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x",
"product_id": "rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x",
"product_identification_helper": {
"purl": "pkg:oci/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/config-policy-controller-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x",
"product": {
"name": "rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x",
"product_id": "rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/endpoint-component-rhel8-operator\u0026tag=v2.2.3-2"
}
}
},
{
"category": "product_version",
"name": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x",
"product": {
"name": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x",
"product_id": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x",
"product_identification_helper": {
"purl": "pkg:oci/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/endpoint-monitoring-rhel8-operator\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x",
"product": {
"name": "rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x",
"product_id": "rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x",
"product_identification_helper": {
"purl": "pkg:oci/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-spec-sync-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x",
"product": {
"name": "rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x",
"product_id": "rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-status-sync-rhel8\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x",
"product": {
"name": "rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x",
"product_id": "rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/governance-policy-template-sync-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x",
"product": {
"name": "rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x",
"product_id": "rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/iam-policy-controller-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x",
"product": {
"name": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x",
"product_id": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x",
"product_identification_helper": {
"purl": "pkg:oci/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/klusterlet-addon-lease-controller-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x",
"product": {
"name": "rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x",
"product_id": "rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/metrics-collector-rhel8\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x",
"product": {
"name": "rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x",
"product_id": "rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/multicloud-manager-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x",
"product": {
"name": "rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x",
"product_id": "rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/multicluster-operators-subscription-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x",
"product": {
"name": "rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x",
"product_id": "rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/registration-rhel8\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x",
"product": {
"name": "rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x",
"product_id": "rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x",
"product_identification_helper": {
"purl": "pkg:oci/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/registration-rhel8-operator\u0026tag=v2.2.3-4"
}
}
},
{
"category": "product_version",
"name": "rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x",
"product": {
"name": "rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x",
"product_id": "rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/search-collector-rhel8\u0026tag=v2.2.3-3"
}
}
},
{
"category": "product_version",
"name": "rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x",
"product": {
"name": "rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x",
"product_id": "rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2/work-rhel8\u0026tag=v2.2.3-3"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7",
"product_id": "7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64"
},
"product_reference": "rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64",
"relates_to_product_reference": "7Server-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7",
"product_id": "7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64"
},
"product_reference": "rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64",
"relates_to_product_reference": "7Server-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7",
"product_id": "7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64"
},
"product_reference": "rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64",
"relates_to_product_reference": "7Server-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7",
"product_id": "7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64"
},
"product_reference": "rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64",
"relates_to_product_reference": "7Server-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 7",
"product_id": "7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64"
},
"product_reference": "rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64",
"relates_to_product_reference": "7Server-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64"
},
"product_reference": "rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64"
},
"product_reference": "rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64"
},
"product_reference": "rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64"
},
"product_reference": "rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64"
},
"product_reference": "rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64"
},
"product_reference": "rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64"
},
"product_reference": "rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x"
},
"product_reference": "rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64"
},
"product_reference": "rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64"
},
"product_reference": "rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64"
},
"product_reference": "rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x"
},
"product_reference": "rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64"
},
"product_reference": "rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64"
},
"product_reference": "rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64"
},
"product_reference": "rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64"
},
"product_reference": "rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x"
},
"product_reference": "rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64"
},
"product_reference": "rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64"
},
"product_reference": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x"
},
"product_reference": "rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64"
},
"product_reference": "rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64"
},
"product_reference": "rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64"
},
"product_reference": "rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x"
},
"product_reference": "rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x"
},
"product_reference": "rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64"
},
"product_reference": "rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x"
},
"product_reference": "rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64"
},
"product_reference": "rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64"
},
"product_reference": "rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64"
},
"product_reference": "rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64"
},
"product_reference": "rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x"
},
"product_reference": "rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64"
},
"product_reference": "rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x"
},
"product_reference": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64"
},
"product_reference": "rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64"
},
"product_reference": "rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64"
},
"product_reference": "rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64"
},
"product_reference": "rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64"
},
"product_reference": "rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64"
},
"product_reference": "rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x"
},
"product_reference": "rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64"
},
"product_reference": "rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64"
},
"product_reference": "rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x"
},
"product_reference": "rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64"
},
"product_reference": "rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64"
},
"product_reference": "rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64"
},
"product_reference": "rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64"
},
"product_reference": "rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64"
},
"product_reference": "rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64"
},
"product_reference": "rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64"
},
"product_reference": "rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x"
},
"product_reference": "rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64"
},
"product_reference": "rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64"
},
"product_reference": "rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64"
},
"product_reference": "rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64"
},
"product_reference": "rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64"
},
"product_reference": "rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64"
},
"product_reference": "rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64"
},
"product_reference": "rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x"
},
"product_reference": "rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64"
},
"product_reference": "rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x"
},
"product_reference": "rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64"
},
"product_reference": "rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64"
},
"product_reference": "rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64"
},
"product_reference": "rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x"
},
"product_reference": "rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64"
},
"product_reference": "rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64"
},
"product_reference": "rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64"
},
"product_reference": "rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64"
},
"product_reference": "rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x"
},
"product_reference": "rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x",
"relates_to_product_reference": "8Base-RHACM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.2 for RHEL 8",
"product_id": "8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64"
},
"product_reference": "rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64",
"relates_to_product_reference": "8Base-RHACM-2.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28469",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1945459"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent function. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-glob-parent: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While some components do package a vulnerable version of glob-parent, access to them requires OpenShift OAuth credentials and hence have been marked with a Low impact. This applies to the following products:\n - OpenShift Container Platform (OCP)\n - OpenShift ServiceMesh (OSSM)\n - Red Hat Advanced Cluster Management for Kubernetes (RHACM)\n - OpenShift distributed tracing",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64",
"7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64",
"7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64",
"7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64",
"7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64",
"8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64",
"8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64",
"8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64",
"8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64",
"8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64",
"8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x",
"8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64",
"8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64",
"8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64",
"8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64",
"8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64",
"8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64",
"8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x",
"8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64",
"8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64",
"8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64",
"8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64",
"8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x",
"8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64",
"8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64",
"8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64",
"8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-28469"
},
{
"category": "external",
"summary": "RHBZ#1945459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469"
},
{
"category": "external",
"summary": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905",
"url": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905"
}
],
"release_date": "2021-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-04T20:14:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing",
"product_ids": [
"7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64",
"7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64",
"7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64",
"7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64",
"7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64",
"8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64",
"8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64",
"8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64",
"8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64",
"8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64",
"8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x",
"8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64",
"8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64",
"8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64",
"8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64",
"8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64",
"8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64",
"8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x",
"8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64",
"8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64",
"8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64",
"8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64",
"8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x",
"8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64",
"8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64",
"8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64",
"8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1499"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64",
"7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64",
"7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64",
"7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64",
"7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64",
"8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64",
"8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64",
"8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64",
"8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64",
"8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64",
"8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x",
"8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64",
"8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64",
"8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64",
"8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64",
"8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64",
"8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64",
"8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x",
"8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64",
"8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64",
"8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64",
"8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64",
"8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x",
"8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64",
"8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64",
"8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64",
"8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-glob-parent: Regular expression denial of service"
},
{
"cve": "CVE-2021-23358",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2021-03-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1944286"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-underscore: Arbitrary code execution via the template function",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Whilst the OpenShift Container Platform (OCP) openshift4/ose-grafana and openshift3/grafana as well as console, grc-ui and search-ui containers for Red Hat Advanced Management for Kubernetes (RHACM) include the vulnerable underscore library, the access to it is protected by OpenShift OAuth. Additionally this library is used in openshift4/ose-grafana container only in Grafana End-to-End Test package. Therefore the impact by this flaw is reduced to Low and the affected OCP components are marked as \"will not fix\" at this time and to Moderate for the affected RHACM components. This might be fixed in a future release.\n\nRed Hat Enterprise Virtualization includes the vulnerable underscore library, however it is not parsing any untrusted data, therefore impact is reduced to Low.\n\nBelow Red Hat products include the underscore dependency, but it is not used by the product and hence this issue has been rated as having a security impact of Low.\n\n* Red Hat Quay\n* Red Hat Gluster Storage 3\n* Red Hat OpenShift Container Storage 4\n* Red Hat Ceph Storage 3 and 4",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64",
"7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64",
"7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64",
"7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64",
"7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64",
"8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64",
"8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64",
"8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64",
"8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64",
"8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64",
"8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x",
"8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64",
"8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64",
"8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64",
"8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64",
"8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64",
"8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64",
"8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x",
"8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64",
"8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64",
"8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64",
"8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64",
"8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x",
"8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64",
"8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64",
"8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64",
"8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-23358"
},
{
"category": "external",
"summary": "RHBZ#1944286",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-23358",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358"
}
],
"release_date": "2021-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-04T20:14:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing",
"product_ids": [
"7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64",
"7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64",
"7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64",
"7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64",
"7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64",
"8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64",
"8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64",
"8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64",
"8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64",
"8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64",
"8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x",
"8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64",
"8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64",
"8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64",
"8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64",
"8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64",
"8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64",
"8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x",
"8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64",
"8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64",
"8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64",
"8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64",
"8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x",
"8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64",
"8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64",
"8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64",
"8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1499"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64",
"7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64",
"7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64",
"7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64",
"7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64",
"8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64",
"8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64",
"8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64",
"8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64",
"8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64",
"8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x",
"8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64",
"8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64",
"8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64",
"8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64",
"8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64",
"8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64",
"8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x",
"8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64",
"8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64",
"8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64",
"8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64",
"8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x",
"8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64",
"8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64",
"8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64",
"8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs-underscore: Arbitrary code execution via the template function"
},
{
"cve": "CVE-2021-28092",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2021-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1939103"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in is-svg package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS).\r\nThe highest threat from this vulnerability is to availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-is-svg: ReDoS via malicious string",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenShift Container Platform (RHOCP) 4 delivers the kibana package where the nodejs-is-svg package is bundled, but during the update to container first (to openshift4/ose-logging-kibana6 since OCP 4.5) the dependency was removed and hence kibana package is marked as wontfix. This may be fixed in the future.\n\nIn OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Container Platform (RHOCP) the affected components are behind OpenShift OAuth. This restricts access to the vulnerable nodejs-is-svg to authenticated users only, therefore the impact is low.\n\nRed Hat Quay includes is-svg as a dependency of css-loader which is only using during development, not runtime. This issues has been rated low impact for Red Hat Quay.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64",
"7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64",
"7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64",
"7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64",
"7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64",
"8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64",
"8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64",
"8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64",
"8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64",
"8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64",
"8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x",
"8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64",
"8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64",
"8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64",
"8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64",
"8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64",
"8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64",
"8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x",
"8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64",
"8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64",
"8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64",
"8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64",
"8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x",
"8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64",
"8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64",
"8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64",
"8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-28092"
},
{
"category": "external",
"summary": "RHBZ#1939103",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939103"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-28092",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28092"
}
],
"release_date": "2021-03-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-04T20:14:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing",
"product_ids": [
"7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64",
"7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64",
"7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64",
"7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64",
"7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64",
"8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64",
"8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64",
"8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64",
"8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64",
"8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64",
"8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x",
"8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64",
"8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64",
"8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64",
"8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64",
"8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64",
"8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64",
"8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x",
"8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64",
"8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64",
"8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64",
"8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64",
"8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x",
"8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64",
"8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64",
"8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64",
"8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1499"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64",
"7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64",
"7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64",
"7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64",
"7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64",
"8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64",
"8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64",
"8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64",
"8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64",
"8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64",
"8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x",
"8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64",
"8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64",
"8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64",
"8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64",
"8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64",
"8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64",
"8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x",
"8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64",
"8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64",
"8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64",
"8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64",
"8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x",
"8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64",
"8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64",
"8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64",
"8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-is-svg: ReDoS via malicious string"
},
{
"cve": "CVE-2021-28918",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2021-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1944827"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-netmask. Octal input data may lead to a server-side request forgery, remote file inclusion, local file inclusion, and other vulnerabilities. The highest threat from this vulnerability is to data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-netmask: improper input validation of octal input data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact of this flaw largely depends on the environment where the affected library is being used. This flaw could be used to redirect an adversary to an exposed, unprotected endpoint. Depending on the functionality of the affected endpoint that could result in a loss of confidentiality, integrity and availability.\nThe affected library is used in Red Hat Advanced Cluster Management for Kubernetes only in the development and build processes. Consequently the severity of this flaw to RHACM is downgraded to low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64",
"7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64",
"7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64",
"7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64",
"7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64",
"8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64",
"8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64",
"8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64",
"8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64",
"8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64",
"8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x",
"8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64",
"8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64",
"8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64",
"8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64",
"8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64",
"8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64",
"8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x",
"8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64",
"8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64",
"8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64",
"8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64",
"8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x",
"8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64",
"8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64",
"8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64",
"8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-28918"
},
{
"category": "external",
"summary": "RHBZ#1944827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944827"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-28918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28918"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28918"
},
{
"category": "external",
"summary": "https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918",
"url": "https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918"
}
],
"release_date": "2021-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-04T20:14:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing",
"product_ids": [
"7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64",
"7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64",
"7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64",
"7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64",
"7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64",
"8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64",
"8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64",
"8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64",
"8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64",
"8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64",
"8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x",
"8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64",
"8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64",
"8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64",
"8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64",
"8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64",
"8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64",
"8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x",
"8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64",
"8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64",
"8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64",
"8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64",
"8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x",
"8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64",
"8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64",
"8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64",
"8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1499"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64",
"7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64",
"7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64",
"7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64",
"7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64",
"8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64",
"8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64",
"8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64",
"8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64",
"8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64",
"8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x",
"8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64",
"8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64",
"8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64",
"8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64",
"8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64",
"8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64",
"8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x",
"8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64",
"8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64",
"8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64",
"8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64",
"8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x",
"8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64",
"8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64",
"8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64",
"8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs-netmask: improper input validation of octal input data"
},
{
"cve": "CVE-2021-29418",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-03-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1944822"
}
],
"notes": [
{
"category": "description",
"text": "The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP address string, such as an octal digit of 9. This (in some situations) allows attackers to bypass access control that is based on IP addresses. NOTE: this issue exists because of an incomplete fix for CVE-2021-28918.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact of this flaw largely depends on the environment where the affected library is being used. This flaw could be used to redirect an adversary to an exposed, unprotected endpoint. Depending on the functionality of the affected endpoint that could result in a loss of confidentiality, integrity and availability. The affected library is used in Red Hat Advanced Cluster Management for Kubernetes only in the development and build processes. Consequently the severity of this flaw to RHACM is downgraded to low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64",
"7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64",
"7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64",
"7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64",
"7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64",
"8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64",
"8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64",
"8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64",
"8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64",
"8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64",
"8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x",
"8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64",
"8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64",
"8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64",
"8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64",
"8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64",
"8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64",
"8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x",
"8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64",
"8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64",
"8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64",
"8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64",
"8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x",
"8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64",
"8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64",
"8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64",
"8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-29418"
},
{
"category": "external",
"summary": "RHBZ#1944822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-29418",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-29418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29418"
},
{
"category": "external",
"summary": "https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918",
"url": "https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918"
}
],
"release_date": "2021-03-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-05-04T20:14:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html-single/install/index#installing",
"product_ids": [
"7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64",
"7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64",
"7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64",
"7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64",
"7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64",
"8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64",
"8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64",
"8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64",
"8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64",
"8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64",
"8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x",
"8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64",
"8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64",
"8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64",
"8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64",
"8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64",
"8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64",
"8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x",
"8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64",
"8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64",
"8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64",
"8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64",
"8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x",
"8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64",
"8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64",
"8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64",
"8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:1499"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-RHACM-2.2:rhacm2/management-ingress-rhel7@sha256:a0613855524f87300cc09200454d9847153300c7b65d2d77befe47915324aee8_amd64",
"7Server-RHACM-2.2:rhacm2/memcached-exporter-rhel7@sha256:ae7c45c230eb794a328b5ef84ea581ee346dfb7676fc315f466ef4be692463fd_amd64",
"7Server-RHACM-2.2:rhacm2/openshift-hive-rhel7@sha256:84594693de1eb7049c51356b01066dbfeab351e0b55905bcc52cee54854f4728_amd64",
"7Server-RHACM-2.2:rhacm2/search-aggregator-rhel7@sha256:e3d346b3307c72fb569f12703d5d22c29626d733038bad4d51029868f17b20f2_amd64",
"7Server-RHACM-2.2:rhacm2/thanos-rhel7@sha256:29bb75e87001f3cb8d72745e1687594c2ca8f97533fe47cdc24f5be5644a7560_amd64",
"8Base-RHACM-2.2:rhacm2/acm-must-gather-rhel8@sha256:0bb29d1cba22518007974c7bbab7b4617e2ceab585e60c625d24d87502da6b45_amd64",
"8Base-RHACM-2.2:rhacm2/acm-operator-bundle@sha256:3560cfe5aa98787496ad1db0440c32a53c9f91ec6bf56fe674b44fcce0913fbc_amd64",
"8Base-RHACM-2.2:rhacm2/acmesolver-rhel8@sha256:223b37b9695d7d6a5228e678a0564c6e10f7adcc49caa77a23ef199462c7e4dc_amd64",
"8Base-RHACM-2.2:rhacm2/application-ui-rhel8@sha256:7d6f9a9edfe8bfaded38f27cb8a0c869a01668971090d2cd0f3117de78722fc5_amd64",
"8Base-RHACM-2.2:rhacm2/cainjector-rhel8@sha256:d5be63f07c4edb5dfd7f2a2ced218c1efab961c7df062da7e1d169a84b1be4fc_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-controller-rhel8@sha256:d8c0f16004b3ef5f8ee9fbcaf4480c5ffc0729cb78a69ff4b7fb0fd18fe114ad_amd64",
"8Base-RHACM-2.2:rhacm2/cert-manager-webhook-rhel8@sha256:6c6c2e1593e7e06bbe68f639df55aa975a40355d2032b2cfcd8f033596465e55_amd64",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:07bccd6c99f63fed8fe9ceef648dc2d3a2878ee74fe950d690203bf44de97eec_s390x",
"8Base-RHACM-2.2:rhacm2/cert-policy-controller-rhel8@sha256:7e9953ca96ed0dbd72dbd1566201bc11c1f8a579c477d684b825813e8b47590e_amd64",
"8Base-RHACM-2.2:rhacm2/clusterlifecycle-state-metrics-rhel8@sha256:7035492ba7af4ac41c14cc47880ed22ac57e818dc28a640ebae78c18ef6921c8_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:6943e5da86a506bac1397bd532fb2cd550012f1fdf9fb610e196f254b295f014_amd64",
"8Base-RHACM-2.2:rhacm2/config-policy-controller-rhel8@sha256:9fd81fbad70bccf016b5429f32d03bd16b24acf328b022cb358ccaccaa227512_s390x",
"8Base-RHACM-2.2:rhacm2/configmap-watcher-rhel8@sha256:8e4eaea9801371aaafa9717b41a4f1ccbde3eaa51c32eb92744f763598b4fc79_amd64",
"8Base-RHACM-2.2:rhacm2/console-api-rhel8@sha256:7c6137ec495cbe78b264d52157e702f879ce2e7662dd7dce197d161c32d46f01_amd64",
"8Base-RHACM-2.2:rhacm2/console-header-rhel8@sha256:00ea0ba3d5bf31e09f0f7a386cb3cb3bca8d33f98a76f37f79fc9b04f3bc9d7e_amd64",
"8Base-RHACM-2.2:rhacm2/console-rhel8@sha256:1dba9558579be6b3cfa2c9d8ba68b9d773a92280c56e6889a5b6ca2aa64478ce_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:9ebec2eded2b5251dcf909334441bf5c2efd20e3781669967ec9f8f787a11be5_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-component-rhel8-operator@sha256:b86ea1748942002ec2d6d416565973da705bba3d573025b2c169f41d97c1d50a_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:0e78ff617e2902e74d1f338e7944959b7c695c8ae169305fda07efd9c4598644_amd64",
"8Base-RHACM-2.2:rhacm2/endpoint-monitoring-rhel8-operator@sha256:ec9aad80bdbba16bdcecc048bb4e1f0d8920c77e746287b5a8be4c6e14baad75_s390x",
"8Base-RHACM-2.2:rhacm2/endpoint-rhel8-operator@sha256:554c7370dc2aeaf7b0745ce851524e1c1d3dd61d79add6937399bbf9cbdcdfcd_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-propagator-rhel8@sha256:cd4ae7c17754ab1bd8f252734df840dcca85429948701fc16bcbdbc356c507bf_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:6310565d0f793a3b07d594094fc4e2afd04a8f7046f9ac3f7fabbaea23dda3c6_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-spec-sync-rhel8@sha256:911683e6d67f3ae50b9af94c9300260fa031133535194c1cbb0723a686fecd45_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:3c48789e9afd3632303b17ea34a4ccf90d371afd0924f12488523d1fa9cea56d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-status-sync-rhel8@sha256:cd6043b006dfbe1937ede2885b0da33521a9eb24b5eb8a169c125bec75fa6b9b_amd64",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:9e433518c82ad8d071753f5708036234e16c3f3f6bd5ba75604246e33a52fc4d_s390x",
"8Base-RHACM-2.2:rhacm2/governance-policy-template-sync-rhel8@sha256:f811455f20a2f2add5c78a57f911a24b8f4b608fd3a2f30864f17e48404fd420_amd64",
"8Base-RHACM-2.2:rhacm2/grafana-dashboard-loader-rhel8@sha256:ea0d74057cfde2932d167c552472f79858b5364cfce3826717c3e8c5802a7a2b_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-api-rhel8@sha256:9a965a0be9cd8bdb8948f3c1a68fae9113dfb19897a98e268bf3eef728ef7df5_amd64",
"8Base-RHACM-2.2:rhacm2/grc-ui-rhel8@sha256:9cb1cd8da84aa911b11574722efdf5ff720b846eb5a0654eb0867df54a383dd4_amd64",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:0256606322c44bee32e128e483bd7266666727a0506195c3beda203acbdf73c6_s390x",
"8Base-RHACM-2.2:rhacm2/iam-policy-controller-rhel8@sha256:288a09597d12e03c5f1de70bfa7f053c732d1fa2042af2909e7ae1f4e91d44d8_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:07eea7acc8662b41948f39665e253f1d00eab4daf9bb3a7b8962a4255bb65c84_s390x",
"8Base-RHACM-2.2:rhacm2/klusterlet-addon-lease-controller-rhel8@sha256:2cf21a08530390604004e651c1ac6a3333940c38486e0754e4368698021eb13e_amd64",
"8Base-RHACM-2.2:rhacm2/klusterlet-operator-bundle@sha256:33651be7274ff2cd66c9e23e7eb20d5d5ca9649aed6777bb8b0ec03dfc8b0707_amd64",
"8Base-RHACM-2.2:rhacm2/kui-web-terminal-rhel8@sha256:dfab455cbbfbdffb164ce49ed1224e6f8634a89c21f3b27e50943214645186a8_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-api-rhel8@sha256:d6473721ea36eda32655fd6f243b9d568b257ad1b62de3eea675a278b85bd2b3_amd64",
"8Base-RHACM-2.2:rhacm2/mcm-topology-rhel8@sha256:7e432659d224dfdc917bbe8137499218294d461ae02e5ec892a82f4660819e00_amd64",
"8Base-RHACM-2.2:rhacm2/memcached-rhel8@sha256:cbc0cde4258abc1ae2aa28ca8b6cc3e8263cbcf4ed069403b6b188024fbf6ea2_amd64",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:453bb4c7b5fbf42b71d0b1b4b94b80a764cc73728f255ec71c1305240cbbecd0_s390x",
"8Base-RHACM-2.2:rhacm2/metrics-collector-rhel8@sha256:685769cd5d11c7c6bba7010e47f34f9d90fd7d095a7491d19649535f74b710fe_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:4e4967cde347d3f6b575dae4792b104e19d31584e2a3d7ab7614102eb0b23066_amd64",
"8Base-RHACM-2.2:rhacm2/multicloud-manager-rhel8@sha256:9a4efdcd28bbe4e9dedf7a953600b188e468040c67dd9b1b1d91e5bade4f1d8c_s390x",
"8Base-RHACM-2.2:rhacm2/multicluster-observability-rhel8-operator@sha256:0827a73839aa2c20ba100b9afdc61ea72cb652d7032ed53cb6ba94f602d2571a_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-application-rhel8@sha256:3826ed5fd59605642b3124d16f599ed28ca752d9f9d21e8ca5d9cbcb078b0f0b_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-channel-rhel8@sha256:39b601074ab8e95a6e05e964ac251c893053d6c83540b2b4753c27d4111ee4c9_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-deployable-rhel8@sha256:b4c5df1f465c4f2662ab11a7fd881248fda1f5aab998c7305a0870f741f3ccdb_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-placementrule-rhel8@sha256:ce124e19b29bba34dfe8105ad29a72e92eb3d1886bd3a6d24896d913c2556898_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-release-rhel8@sha256:caf21eee6edf41d4a466803161b48868c54a944a4397d744af41f1204f218bd8_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:72e347f68300ad66cd0bd2fc31058c9dd30e4929e11041c10c5a8745bb2d3ac7_amd64",
"8Base-RHACM-2.2:rhacm2/multicluster-operators-subscription-rhel8@sha256:a400c2ddd63c000097fa2edd9b6ddef638bed0f3adc45f5d588aebe72c3575cf_s390x",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-repo-rhel8@sha256:f27059129b14616837e10874c498b43b4bb8929b88434ed4cef313dbaae2b31d_amd64",
"8Base-RHACM-2.2:rhacm2/multiclusterhub-rhel8@sha256:2d27e1a724488cd35d397a71734102d9f1d7b546502ca045dae9c9519c58516f_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8-operator@sha256:ed5b52c482d9397d867ab48f9b1f44ced433a7633473031fcb4dfda18b8df9f9_amd64",
"8Base-RHACM-2.2:rhacm2/observatorium-rhel8@sha256:6eae25ed1f8eb0ef7c04dbe51dc78060ff21430ef5f16dfaf99e3c68c8c069e9_amd64",
"8Base-RHACM-2.2:rhacm2/rbac-query-proxy-rhel8@sha256:ba7a29e16502013b624b47ab00da3368a72ee6968345675139afe6463267ccbf_amd64",
"8Base-RHACM-2.2:rhacm2/rcm-controller-rhel8@sha256:0ac5013e5f94f90c3af74dbe8dca14de51fd7273487254e3d04cfe3e03f98c44_amd64",
"8Base-RHACM-2.2:rhacm2/redisgraph-tls-rhel8@sha256:063bd1ec33ee37d974b58b8c7c80e4895195dfca43b97a8e0760d8151de9bce3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:201f6d4c9c38f3c46281e00ffc4a9936460f9ff040508bcbde6dadbf4ff88644_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8-operator@sha256:5464392f7e0577f0676d7e4695650ac2a852144cefb40e49e9c2470a6580f5f3_amd64",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:a9fb158bee683ac6dde77719a06c91cb3a987d62fe21eb8ba49cd26a856fd30a_s390x",
"8Base-RHACM-2.2:rhacm2/registration-rhel8@sha256:b7541dcb971e5c3f69897487b97f9181d6c737f475f33f56088896b6949df864_amd64",
"8Base-RHACM-2.2:rhacm2/search-api-rhel8@sha256:0b9a2801895df3f8fd65c0f79f040f2648154a233c91daedf149ccb704d2f88f_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:097db2dbcdd14bfa04e9db4f834b5d52e2f1bdd10c33f50f4d770fee4ae37e85_amd64",
"8Base-RHACM-2.2:rhacm2/search-collector-rhel8@sha256:c89ea2c344cce6691acd5f9a533b1959b587c591917cbcb97521d97b591258d6_s390x",
"8Base-RHACM-2.2:rhacm2/search-rhel8@sha256:a233f8ef911c084b88018b4303ddead13dc9967e792d5de7d32b5467e9defa6b_amd64",
"8Base-RHACM-2.2:rhacm2/search-ui-rhel8@sha256:674dd7f99889454e6d602de1dd8d3a9757be00ba8debbd79d774cc105e4fcc02_amd64",
"8Base-RHACM-2.2:rhacm2/submariner-addon-rhel8@sha256:358bf8fc2ae871720f99ed56a2e6c5343f4e4526cd6d3404e2e41e42564e2c23_amd64",
"8Base-RHACM-2.2:rhacm2/thanos-receive-controller-rhel8@sha256:1c29f7512a1a7e8d165841979b9259a85a544cdd2abfe806673758c72e76fb21_amd64",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:1a978bfaaec9a74938d42dc3962b2189488f0b59951b95771ff45ed3eb81a0e6_s390x",
"8Base-RHACM-2.2:rhacm2/work-rhel8@sha256:d7dcf2ec84a8a0c56afd93fff350e126de438d96c1fc62805367b1f38427256f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…