CVE-2021-32740 (GCVE-0-2021-32740)
Vulnerability from cvelistv5 – Published: 2021-07-06 14:15 – Updated: 2024-08-03 23:33
- CWE-400 - Uncontrolled Resource Consumption
| URL | Tags |
|---|---|
| https://github.com/sporkmonger/addressable/securi… | x_refsource_CONFIRM |
| https://github.com/sporkmonger/addressable/commit… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| Vendor | Product | Version | |
|---|---|---|---|
| sporkmonger | addressable | Affected: > 2.3.0, <= 2.7.0 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:33:54.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc"
},
{
"name": "FEDORA-2021-5d14763df8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYPVOOQU7UB277UUERJMCNQLRCXRCIQ5/"
},
{
"name": "FEDORA-2021-e9fc035565",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDFQM2NHNAZ3NNUQZEJTYECYZYXV4UDS/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "addressable",
"vendor": "sporkmonger",
"versions": [
{
"status": "affected",
"version": "\u003e 2.3.0, \u003c= 2.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Addressable is an alternative implementation to the URI implementation that is part of Ruby\u0027s standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-27T20:06:16.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc"
},
{
"name": "FEDORA-2021-5d14763df8",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYPVOOQU7UB277UUERJMCNQLRCXRCIQ5/"
},
{
"name": "FEDORA-2021-e9fc035565",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDFQM2NHNAZ3NNUQZEJTYECYZYXV4UDS/"
}
],
"source": {
"advisory": "GHSA-jxhc-q857-3j6g",
"discovery": "UNKNOWN"
},
"title": "Regular Expression Denial of Service in Addressable templates",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32740",
"STATE": "PUBLIC",
"TITLE": "Regular Expression Denial of Service in Addressable templates"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "addressable",
"version": {
"version_data": [
{
"version_value": "\u003e 2.3.0, \u003c= 2.7.0"
}
]
}
}
]
},
"vendor_name": "sporkmonger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Addressable is an alternative implementation to the URI implementation that is part of Ruby\u0027s standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g",
"refsource": "CONFIRM",
"url": "https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g"
},
{
"name": "https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc",
"refsource": "MISC",
"url": "https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc"
},
{
"name": "FEDORA-2021-5d14763df8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYPVOOQU7UB277UUERJMCNQLRCXRCIQ5/"
},
{
"name": "FEDORA-2021-e9fc035565",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDFQM2NHNAZ3NNUQZEJTYECYZYXV4UDS/"
}
]
},
"source": {
"advisory": "GHSA-jxhc-q857-3j6g",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32740",
"datePublished": "2021-07-06T14:15:12.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:33:54.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-32740",
"date": "2026-05-27",
"epss": "0.02533",
"percentile": "0.8565"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-32740\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-07-06T15:15:07.647\",\"lastModified\":\"2024-11-21T06:07:38.920\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Addressable is an alternative implementation to the URI implementation that is part of Ruby\u0027s standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.\"},{\"lang\":\"es\",\"value\":\"Addressable es una implementaci\u00f3n alternativa a la implementaci\u00f3n URI que forma parte de la biblioteca est\u00e1ndar de Ruby. Se presenta una vulnerabilidad de consumo de recursos no controlados despu\u00e9s de la versi\u00f3n 2.3.0 hasta la versi\u00f3n 2.7.0. Dentro de la implementaci\u00f3n de plantillas URI en Addressable, una plantilla dise\u00f1ada maliciosamente puede resultar en un consumo no controlado de recursos, conllevando a una denegaci\u00f3n de servicio cuando se compara con una URI. En el uso t\u00edpico, las plantillas no se leer\u00edan normalmente de la entrada de un usuario no fiable, pero sin embargo, ning\u00fan aviso de seguridad anterior para Addressable ha sido advertido en contra esto. 
Unos usuarios de las capacidades de an\u00e1lisis de Addressable, pero no de las capacidades de plantillas URI, no est\u00e1n afectados. La vulnerabilidad est\u00e1 parcheada en la versi\u00f3n 2.8.0. Como soluci\u00f3n, s\u00f3lo cree objetos de Plantilla desde fuentes confiables que hayan sido comprobadas para no producir retrocesos catastr\u00f3ficos\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-ad
visories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:addressable_project:addressable:*:*:*:*:*:ruby:*:*\",\"versionStartIncluding\":\"2.3.0\",\"versionEndExcluding\":\"2.8.0\",\"matchCriteriaId\":\"191A63ED-0569-4464-8354-7C78720CCCC5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]}],\"references\":[{\"url\":\"https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDFQM2NHNAZ3NNUQZEJTYECYZYXV4UDS/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYPVOOQU7UB277UUERJMCNQLRCXRCIQ5/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Release Notes\",\"Third Party 
Advisory\"]},{\"url\":\"https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDFQM2NHNAZ3NNUQZEJTYECYZYXV4UDS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYPVOOQU7UB277UUERJMCNQLRCXRCIQ5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
BDU:2021-04454
Vulnerability from fstec - Published: 03.07.2021
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., Red Hat Inc., Addressable project",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 7 (SUSE OpenStack Cloud), 8 (SUSE OpenStack Cloud Crowbar), 6.0 (Red Hat Satellite), 10 (Debian GNU/Linux), 9 (SUSE OpenStack Cloud Crowbar), 4 (OpenShift Container Platform), 2 (Red Hat 3scale API Management Platform), \u043e\u0442 2.3.0 \u0434\u043e 2.8.0 (Addressable), 11 (Debian GNU/Linux)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Addressable \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2021-32740\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2021-32740.html\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2021-32740",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.07.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "15.04.2022",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.09.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-04454",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-32740",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, SUSE OpenStack Cloud, SUSE OpenStack Cloud Crowbar, Red Hat Satellite, OpenShift Container Platform, Red Hat 3scale API Management Platform, Addressable",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Addressable, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0441\u0445\u043e\u0434\u043e\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0440\u0430\u0441\u0445\u043e\u0434 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (\u00ab\u0418\u0441\u0442\u043e\u0449\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u00bb) (CWE-400)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Addressable \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u0440\u0430\u0441\u0445\u043e\u0434\u043e\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/cve-2021-32740\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-32740\nhttps://www.suse.com/security/cve/CVE-2021-32740.html\nhttps://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc\nhttps://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g\nhttps://security-tracker.debian.org/tracker/CVE-2021-32740",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-400",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CERTFR-2025-AVI-0003
Vulnerability from certfr_avis - Published: 2025-01-03 - Updated: 2025-01-03
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Db2 warehouse versions ant\u00e9rieures \u00e0 5.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL versions ant\u00e9rieures \u00e0 7.8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions ant\u00e9rieures \u00e0 5.1",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-37370",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37370"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2022-24795",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24795"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-30991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30991"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-38740",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38740"
},
{
"name": "CVE-2023-45283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
},
{
"name": "CVE-2023-38719",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38719"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-30987",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30987"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2022-31163",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31163"
},
{
"name": "CVE-2024-33883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
},
{
"name": "CVE-2023-40373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40373"
},
{
"name": "CVE-2021-41186",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41186"
},
{
"name": "CVE-2024-0406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0406"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2023-38728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38728"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2023-38720",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38720"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-41993",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41993"
},
{
"name": "CVE-2023-39976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39976"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2024-27281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2022-0759",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0759"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2021-32740",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32740"
},
{
"name": "CVE-2023-40374",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40374"
},
{
"name": "CVE-2024-47220",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47220"
},
{
"name": "CVE-2024-6387",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
},
{
"name": "CVE-2023-39325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2023-40372",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40372"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2024-37371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37371"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
}
],
"initial_release_date": "2025-01-03T00:00:00",
"last_revision_date": "2025-01-03T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0003",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-03T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-01-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180133",
"url": "https://www.ibm.com/support/pages/node/7180133"
},
{
"published_at": "2025-01-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180137",
"url": "https://www.ibm.com/support/pages/node/7180137"
},
{
"published_at": "2025-01-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180105",
"url": "https://www.ibm.com/support/pages/node/7180105"
},
{
"published_at": "2025-01-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180134",
"url": "https://www.ibm.com/support/pages/node/7180134"
},
{
"published_at": "2025-01-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180135",
"url": "https://www.ibm.com/support/pages/node/7180135"
},
{
"published_at": "2025-01-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180138",
"url": "https://www.ibm.com/support/pages/node/7180138"
}
]
}
FKIE_CVE-2021-32740
Vulnerability from fkie_nvd - Published: 2021-07-06 15:15 - Updated: 2024-11-21 06:07
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Vendor | Product | Version | |
|---|---|---|---|
| addressable_project | addressable | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:addressable_project:addressable:*:*:*:*:*:ruby:*:*",
"matchCriteriaId": "191A63ED-0569-4464-8354-7C78720CCCC5",
"versionEndExcluding": "2.8.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Addressable is an alternative implementation to the URI implementation that is part of Ruby\u0027s standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking."
},
{
"lang": "es",
"value": "Addressable es una implementaci\u00f3n alternativa a la implementaci\u00f3n URI que forma parte de la biblioteca est\u00e1ndar de Ruby. Se presenta una vulnerabilidad de consumo de recursos no controlados despu\u00e9s de la versi\u00f3n 2.3.0 hasta la versi\u00f3n 2.7.0. Dentro de la implementaci\u00f3n de plantillas URI en Addressable, una plantilla dise\u00f1ada maliciosamente puede resultar en un consumo no controlado de recursos, conllevando a una denegaci\u00f3n de servicio cuando se compara con una URI. En el uso t\u00edpico, las plantillas no se leer\u00edan normalmente de la entrada de un usuario no fiable, pero sin embargo, ning\u00fan aviso de seguridad anterior para Addressable ha sido advertido en contra esto. Unos usuarios de las capacidades de an\u00e1lisis de Addressable, pero no de las capacidades de plantillas URI, no est\u00e1n afectados. La vulnerabilidad est\u00e1 parcheada en la versi\u00f3n 2.8.0. Como soluci\u00f3n, s\u00f3lo cree objetos de Plantilla desde fuentes confiables que hayan sido comprobadas para no producir retrocesos catastr\u00f3ficos"
}
],
"id": "CVE-2021-32740",
"lastModified": "2024-11-21T06:07:38.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-07-06T15:15:07.647",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDFQM2NHNAZ3NNUQZEJTYECYZYXV4UDS/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYPVOOQU7UB277UUERJMCNQLRCXRCIQ5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SDFQM2NHNAZ3NNUQZEJTYECYZYXV4UDS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYPVOOQU7UB277UUERJMCNQLRCXRCIQ5/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-JXHC-Q857-3J6G
Vulnerability from github – Published: 2021-07-12 16:58 – Updated: 2026-04-06 23:12
Impact
Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected.
Patches
The vulnerability was introduced in version 2.3.0 (previously yanked) and has been present in all subsequent versions up to, and including, 2.7.0. It is fixed in version 2.8.0.
Workarounds
The vulnerability can be avoided by only creating Template objects from trusted sources that have been validated not to produce catastrophic backtracking.
References
- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
- https://cwe.mitre.org/data/definitions/1333.html
- https://www.regular-expressions.info/catastrophic.html
For more information
If you have any questions or comments about this advisory:
- [Open an issue](https://github.com/sporkmonger/addressable/issues)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.7.0"
},
"package": {
"ecosystem": "RubyGems",
"name": "addressable"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.8.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-32740"
],
"database_specific": {
"cwe_ids": [
"CWE-1333",
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2021-07-06T15:25:32Z",
"nvd_published_at": "2021-07-06T15:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\nWithin the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected.\n\n### Patches\n\nThe vulnerability was introduced in version 2.3.0 (previously yanked) and has been present in all subsequent versions up to, and including, 2.7.0. It is fixed in version 2.8.0.\n\n### Workarounds\n\nThe vulnerability can be avoided by only creating Template objects from trusted sources that have been validated not to produce catastrophic backtracking.\n\n### References\n\n- https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS\n- https://cwe.mitre.org/data/definitions/1333.html\n- https://www.regular-expressions.info/catastrophic.html\n\n### For more information\nIf you have any questions or comments about this advisory:\n* [Open an issue](https://github.com/sporkmonger/addressable/issues)",
"id": "GHSA-jxhc-q857-3j6g",
"modified": "2026-04-06T23:12:46Z",
"published": "2021-07-12T16:58:33Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32740"
},
{
"type": "WEB",
"url": "https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc"
},
{
"type": "WEB",
"url": "https://github.com/sporkmonger/addressable/commit/89c76130ce255c601f642a018cb5fb5a80e679a7"
},
{
"type": "WEB",
"url": "https://github.com/sporkmonger/addressable/commit/92685096b1f7235ed8986c03ce30a24972eed848#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-jxhc-q857-3j6g"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/addressable/CVE-2021-32740.yml"
},
{
"type": "PACKAGE",
"url": "https://github.com/sporkmonger/addressable"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDFQM2NHNAZ3NNUQZEJTYECYZYXV4UDS"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYPVOOQU7UB277UUERJMCNQLRCXRCIQ5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Regular Expression Denial of Service in Addressable templates"
}
GSD-2021-32740
Vulnerability from gsd - Updated: 2021-07-12 00:00
{
"GSD": {
"alias": "CVE-2021-32740",
"description": "Addressable is an alternative implementation to the URI implementation that is part of Ruby\u0027s standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.",
"id": "GSD-2021-32740",
"references": [
"https://www.suse.com/security/cve/CVE-2021-32740.html",
"https://access.redhat.com/errata/RHSA-2021:4702",
"https://access.redhat.com/errata/RHBA-2021:3393",
"https://advisories.mageia.org/CVE-2021-32740.html",
"https://security.archlinux.org/CVE-2021-32740"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "addressable",
"purl": "pkg:gem/addressable"
}
}
],
"aliases": [
"CVE-2021-32740",
"GHSA-jxhc-q857-3j6g"
],
"details": "Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption,\nleading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input,\nbut nonetheless, no previous security advisory for Addressable has cautioned against doing this.\nUsers of the parsing capabilities in Addressable but not the URI template capabilities are unaffected.\n",
"id": "GSD-2021-32740",
"modified": "2021-07-12T00:00:00.000Z",
"published": "2021-07-12T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/advisories/GHSA-jxhc-q857-3j6g"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 7.5,
"type": "CVSS_V3"
}
],
"summary": "Regular Expression Denial of Service in Addressable templates"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32740",
"STATE": "PUBLIC",
"TITLE": "Regular Expression Denial of Service in Addressable templates"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "addressable",
"version": {
"version_data": [
{
"version_value": "\u003e 2.3.0, \u003c= 2.7.0"
}
]
}
}
]
},
"vendor_name": "sporkmonger"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Addressable is an alternative implementation to the URI implementation that is part of Ruby\u0027s standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400: Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g",
"refsource": "CONFIRM",
"url": "https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g"
},
{
"name": "https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc",
"refsource": "MISC",
"url": "https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc"
},
{
"name": "FEDORA-2021-5d14763df8",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYPVOOQU7UB277UUERJMCNQLRCXRCIQ5/"
},
{
"name": "FEDORA-2021-e9fc035565",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDFQM2NHNAZ3NNUQZEJTYECYZYXV4UDS/"
}
]
},
"source": {
"advisory": "GHSA-jxhc-q857-3j6g",
"discovery": "UNKNOWN"
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2021-32740",
"cvss_v3": 7.5,
"date": "2021-07-12",
"description": "Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption,\nleading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input,\nbut nonetheless, no previous security advisory for Addressable has cautioned against doing this.\nUsers of the parsing capabilities in Addressable but not the URI template capabilities are unaffected.\n",
"gem": "addressable",
"ghsa": "jxhc-q857-3j6g",
"patched_versions": [
"\u003e= 2.8.0"
],
"title": "Regular Expression Denial of Service in Addressable templates",
"unaffected_versions": [
"\u003c 2.3.0"
],
"url": "https://github.com/advisories/GHSA-jxhc-q857-3j6g"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=2.3.0 \u003c2.8.0",
"affected_versions": "All versions starting from 2.3.0 before 2.8.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2021-09-21",
"description": "Addressable is an alternative implementation to the URI implementation that is part of Ruby\u0027s standard library. An uncontrolled resource consumption vulnerability exists Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.",
"fixed_versions": [
"2.8.0"
],
"identifier": "CVE-2021-32740",
"identifiers": [
"CVE-2021-32740",
"GHSA-jxhc-q857-3j6g"
],
"not_impacted": "All versions before 2.3.0, all versions starting from 2.8.0",
"package_slug": "gem/addressable",
"pubdate": "2021-07-06",
"solution": "Upgrade to version 2.8.0 or above.",
"title": "Uncontrolled Resource Consumption",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-32740"
],
"uuid": "c6b7051f-d938-48b6-8a3a-ddf35c8f96f9"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:addressable_project:addressable:*:*:*:*:*:ruby:*:*",
"cpe_name": [],
"versionEndExcluding": "2.8.0",
"versionStartIncluding": "2.3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32740"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Addressable is an alternative implementation to the URI implementation that is part of Ruby\u0027s standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g"
},
{
"name": "https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc",
"refsource": "MISC",
"tags": [
"Patch",
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/sporkmonger/addressable/commit/0d8a3127e35886ce9284810a7f2438bff6b43cbc"
},
{
"name": "FEDORA-2021-5d14763df8",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYPVOOQU7UB277UUERJMCNQLRCXRCIQ5/"
},
{
"name": "FEDORA-2021-e9fc035565",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDFQM2NHNAZ3NNUQZEJTYECYZYXV4UDS/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-09-21T18:18Z",
"publishedDate": "2021-07-06T15:15Z"
}
}
}
MSRC_CVE-2021-32740
Vulnerability from csaf_microsoft - Published: 2021-07-02 00:00 - Updated: 2021-07-30 00:00
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2021-32740 Regular Expression Denial of Service in Addressable templates - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-32740.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Regular Expression Denial of Service in Addressable templates",
"tracking": {
"current_release_date": "2021-07-30T00:00:00.000Z",
"generator": {
"date": "2025-12-27T18:44:53.608Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2021-32740",
"initial_release_date": "2021-07-02T00:00:00.000Z",
"revision_history": [
{
"date": "2021-07-30T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 rubygem-addressable 2.8.0-1",
"product": {
"name": "\u003ccm1 rubygem-addressable 2.8.0-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cm1 rubygem-addressable 2.8.0-1",
"product": {
"name": "cm1 rubygem-addressable 2.8.0-1",
"product_id": "19024"
}
}
],
"category": "product_name",
"name": "rubygem-addressable"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 rubygem-addressable 2.8.0-1 as a component of CBL Mariner 1.0",
"product_id": "16820-1"
},
"product_reference": "1",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 rubygem-addressable 2.8.0-1 as a component of CBL Mariner 1.0",
"product_id": "19024-16820"
},
"product_reference": "19024",
"relates_to_product_reference": "16820"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-32740",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19024-16820"
],
"known_affected": [
"16820-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-32740 Regular Expression Denial of Service in Addressable templates - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-32740.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2021-07-30T00:00:00.000Z",
"details": "2.8.0-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"16820-1"
]
}
],
"title": "Regular Expression Denial of Service in Addressable templates"
}
]
}
OPENSUSE-SU-2024:11592-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby2.7-rubygem-http-5.0.4-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby2.7-rubygem-http-5.0.4-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11592",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11592-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32740 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32740/"
}
],
"title": "ruby2.7-rubygem-http-5.0.4-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11592-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-http-5.0.4-1.1.aarch64",
"product": {
"name": "ruby2.7-rubygem-http-5.0.4-1.1.aarch64",
"product_id": "ruby2.7-rubygem-http-5.0.4-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-http-5.0.4-1.1.aarch64",
"product": {
"name": "ruby3.0-rubygem-http-5.0.4-1.1.aarch64",
"product_id": "ruby3.0-rubygem-http-5.0.4-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-http-5.0.4-1.1.ppc64le",
"product": {
"name": "ruby2.7-rubygem-http-5.0.4-1.1.ppc64le",
"product_id": "ruby2.7-rubygem-http-5.0.4-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-http-5.0.4-1.1.ppc64le",
"product": {
"name": "ruby3.0-rubygem-http-5.0.4-1.1.ppc64le",
"product_id": "ruby3.0-rubygem-http-5.0.4-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-http-5.0.4-1.1.s390x",
"product": {
"name": "ruby2.7-rubygem-http-5.0.4-1.1.s390x",
"product_id": "ruby2.7-rubygem-http-5.0.4-1.1.s390x"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-http-5.0.4-1.1.s390x",
"product": {
"name": "ruby3.0-rubygem-http-5.0.4-1.1.s390x",
"product_id": "ruby3.0-rubygem-http-5.0.4-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby2.7-rubygem-http-5.0.4-1.1.x86_64",
"product": {
"name": "ruby2.7-rubygem-http-5.0.4-1.1.x86_64",
"product_id": "ruby2.7-rubygem-http-5.0.4-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "ruby3.0-rubygem-http-5.0.4-1.1.x86_64",
"product": {
"name": "ruby3.0-rubygem-http-5.0.4-1.1.x86_64",
"product_id": "ruby3.0-rubygem-http-5.0.4-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-http-5.0.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.aarch64"
},
"product_reference": "ruby2.7-rubygem-http-5.0.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-http-5.0.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.ppc64le"
},
"product_reference": "ruby2.7-rubygem-http-5.0.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-http-5.0.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.s390x"
},
"product_reference": "ruby2.7-rubygem-http-5.0.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby2.7-rubygem-http-5.0.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.x86_64"
},
"product_reference": "ruby2.7-rubygem-http-5.0.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-http-5.0.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.aarch64"
},
"product_reference": "ruby3.0-rubygem-http-5.0.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-http-5.0.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.ppc64le"
},
"product_reference": "ruby3.0-rubygem-http-5.0.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-http-5.0.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.s390x"
},
"product_reference": "ruby3.0-rubygem-http-5.0.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.0-rubygem-http-5.0.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.x86_64"
},
"product_reference": "ruby3.0-rubygem-http-5.0.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-32740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32740"
}
],
"notes": [
{
"category": "general",
"text": "Addressable is an alternative implementation to the URI implementation that is part of Ruby\u0027s standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32740",
"url": "https://www.suse.com/security/cve/CVE-2021-32740"
},
{
"category": "external",
"summary": "SUSE Bug 1188207 for CVE-2021-32740",
"url": "https://bugzilla.suse.com/1188207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.s390x",
"openSUSE Tumbleweed:ruby2.7-rubygem-http-5.0.4-1.1.x86_64",
"openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.s390x",
"openSUSE Tumbleweed:ruby3.0-rubygem-http-5.0.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-32740"
}
]
}
OPENSUSE-SU-2024:12247-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby3.1-rubygem-http-5.1.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby3.1-rubygem-http-5.1.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12247",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12247-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32740 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32740/"
}
],
"title": "ruby3.1-rubygem-http-5.1.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12247-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-http-5.1.0-1.1.aarch64",
"product": {
"name": "ruby3.1-rubygem-http-5.1.0-1.1.aarch64",
"product_id": "ruby3.1-rubygem-http-5.1.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-http-5.1.0-1.1.ppc64le",
"product": {
"name": "ruby3.1-rubygem-http-5.1.0-1.1.ppc64le",
"product_id": "ruby3.1-rubygem-http-5.1.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-http-5.1.0-1.1.s390x",
"product": {
"name": "ruby3.1-rubygem-http-5.1.0-1.1.s390x",
"product_id": "ruby3.1-rubygem-http-5.1.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.1-rubygem-http-5.1.0-1.1.x86_64",
"product": {
"name": "ruby3.1-rubygem-http-5.1.0-1.1.x86_64",
"product_id": "ruby3.1-rubygem-http-5.1.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-http-5.1.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.aarch64"
},
"product_reference": "ruby3.1-rubygem-http-5.1.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-http-5.1.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.ppc64le"
},
"product_reference": "ruby3.1-rubygem-http-5.1.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-http-5.1.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.s390x"
},
"product_reference": "ruby3.1-rubygem-http-5.1.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.1-rubygem-http-5.1.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.x86_64"
},
"product_reference": "ruby3.1-rubygem-http-5.1.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-32740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32740"
}
],
"notes": [
{
"category": "general",
"text": "Addressable is an alternative implementation to the URI implementation that is part of Ruby\u0027s standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32740",
"url": "https://www.suse.com/security/cve/CVE-2021-32740"
},
{
"category": "external",
"summary": "SUSE Bug 1188207 for CVE-2021-32740",
"url": "https://bugzilla.suse.com/1188207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.aarch64",
"openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.ppc64le",
"openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.s390x",
"openSUSE Tumbleweed:ruby3.1-rubygem-http-5.1.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-32740"
}
]
}
OPENSUSE-SU-2024:13157-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "ruby3.2-rubygem-http-5.1.0-1.4 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the ruby3.2-rubygem-http-5.1.0-1.4 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13157",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13157-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32740 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32740/"
}
],
"title": "ruby3.2-rubygem-http-5.1.0-1.4 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13157-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-http-5.1.0-1.4.aarch64",
"product": {
"name": "ruby3.2-rubygem-http-5.1.0-1.4.aarch64",
"product_id": "ruby3.2-rubygem-http-5.1.0-1.4.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-http-5.1.0-1.4.ppc64le",
"product": {
"name": "ruby3.2-rubygem-http-5.1.0-1.4.ppc64le",
"product_id": "ruby3.2-rubygem-http-5.1.0-1.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-http-5.1.0-1.4.s390x",
"product": {
"name": "ruby3.2-rubygem-http-5.1.0-1.4.s390x",
"product_id": "ruby3.2-rubygem-http-5.1.0-1.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "ruby3.2-rubygem-http-5.1.0-1.4.x86_64",
"product": {
"name": "ruby3.2-rubygem-http-5.1.0-1.4.x86_64",
"product_id": "ruby3.2-rubygem-http-5.1.0-1.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-http-5.1.0-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.aarch64"
},
"product_reference": "ruby3.2-rubygem-http-5.1.0-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-http-5.1.0-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.ppc64le"
},
"product_reference": "ruby3.2-rubygem-http-5.1.0-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-http-5.1.0-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.s390x"
},
"product_reference": "ruby3.2-rubygem-http-5.1.0-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ruby3.2-rubygem-http-5.1.0-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.x86_64"
},
"product_reference": "ruby3.2-rubygem-http-5.1.0-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-32740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32740"
}
],
"notes": [
{
"category": "general",
"text": "Addressable is an alternative implementation to the URI implementation that is part of Ruby\u0027s standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 through version 2.7.0. Within the URI template implementation in Addressable, a maliciously crafted template may result in uncontrolled resource consumption, leading to denial of service when matched against a URI. In typical usage, templates would not normally be read from untrusted user input, but nonetheless, no previous security advisory for Addressable has cautioned against doing this. Users of the parsing capabilities in Addressable but not the URI template capabilities are unaffected. The vulnerability is patched in version 2.8.0. As a workaround, only create Template objects from trusted sources that have been validated not to produce catastrophic backtracking.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32740",
"url": "https://www.suse.com/security/cve/CVE-2021-32740"
},
{
"category": "external",
"summary": "SUSE Bug 1188207 for CVE-2021-32740",
"url": "https://bugzilla.suse.com/1188207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.aarch64",
"openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.ppc64le",
"openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.s390x",
"openSUSE Tumbleweed:ruby3.2-rubygem-http-5.1.0-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-32740"
}
]
}
RHBA-2021:3393
Vulnerability from csaf_redhat - Published: 2021-09-07 16:28 - Updated: 2026-03-21 05:04
A resource-consumption vulnerability was found in rubygem addressable, where its URI template implementation could allow an attacker's crafted template to consume resources, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:61e1d646090fe7832579e0cdb6c82750f42498354ed192935dd3e2c69cf88607_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:76f129f017634397a17657ac57e6aa0d54152d43fe520960fd953f382e2d7242_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:a9f2513d88f73a1e8791285e01fb8679887ee55428f25ac83eb296de09783aa1_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:b86bf7654c7919887a004c3953840eed5d514bf0f08106ce043bc4c3dae37c83_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:09af2549ff71a9ffa19538ff53599713af715b9623f6f5114449d45232162c71_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:423828d9ee730e4c264713256d19cab0d8fcd0eeee32883922bd589c0d3c9ecb_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:b9bccd956a9fe22506696f4ff1a83410ebbeb48b8dad3c1ee5dbd9270e061e04_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:788929ff683450b7cb0c48af4f5e6d0b2dc7d4a38d4d072c9a16e0d0542a1304_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:07394901f71213f2428c99a6a0e469ef9be97db4fd2ff41d3ec8fc3a862b2bfe_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:3c0fa213fc00f5301278d4dd8cdc3b86625bdeca3c446871fc833b693f17fed1_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:5dad0b5e1e09e9c0b8ac0dbe3635ff9986ef5efa2fbd1d8057a4ec71a045b91a_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:cafdc3bd78546fb514cb2cbdc4eb49a577c96cc87089c3b86e8e8af730d500d3_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:e7d91d273055029172d55ae4d39d76321d67dee8be7e3ee5fc29bcd5e82d1af0_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:f0a264457205a99090348ba53c3db478ea1f0c7fd28159bb3b2b9adb284e9aa1_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:7730e3d1c2f0ad01f044b21dbb90f079c486f311026854695e816e164d4e1cb3_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:95c8eb02898b1923e41e6abeeda9cf3fea77e6d736ad4846df9567400435f4f4_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:96d9268d923e7a5838d8d569bf148695830a8130d570a181b72bbf4baa206e9d_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:018721a7037fa8cae65b0b1c7ba3995642bb35e38c39dd22cc276ff159e27a39_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:7a5dc91fde153508d66095020483d0098be01786fec9d164530dc3f4f5c85793_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce7dc68e2a3e32b58e231267ee3be305bc976fef670c7ddbcdc50ddfffbd209d_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:1db3ea077db0c2948210558883d85d04f94658aab02754eba5c3cdb49e42de29_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:62bb4c55d5b033a2a27ee958c7aac2bd213072e3e35541aba817532b415b10d8_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:bd8241504d7eba68b32af8b82be1129a4ac6a843f1015ed214e773a653af9393_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:660f26a9af99e0d0d2b26d5f3c485692100f8fc81f91803448cd79cc36938dec_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a484b5b99cad803ae3fb72a720e09096f52380a5443152b4531c69fac970473f_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:dd5cec2e593b6a036901a23ae9c483a957fea15b7691c396f6b78cc6f132780f_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c3372e846ce58fc9159ef61e80d625cd657a682f9e0dadd8a255194681e05fd_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:2a6c0dae3b3c96b0c669a30cb748caae05fb36927fb5143a861a50c0f5fc7577_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:9937504a2361c70f2ea9b10fae6ce5ff4096bc3c5f3d01b0cea7c041ff0cabcb_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Openshift Logging Bug Fix Release (5.2.0)",
"title": "Topic"
},
{
"category": "general",
"text": "Openshift Logging Bug Fix Release (5.2.0)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2021:3393",
"url": "https://access.redhat.com/errata/RHBA-2021:3393"
},
{
"category": "external",
"summary": "LOG-1071",
"url": "https://issues.redhat.com/browse/LOG-1071"
},
{
"category": "external",
"summary": "LOG-1130",
"url": "https://issues.redhat.com/browse/LOG-1130"
},
{
"category": "external",
"summary": "LOG-1271",
"url": "https://issues.redhat.com/browse/LOG-1271"
},
{
"category": "external",
"summary": "LOG-1273",
"url": "https://issues.redhat.com/browse/LOG-1273"
},
{
"category": "external",
"summary": "LOG-1276",
"url": "https://issues.redhat.com/browse/LOG-1276"
},
{
"category": "external",
"summary": "LOG-1353",
"url": "https://issues.redhat.com/browse/LOG-1353"
},
{
"category": "external",
"summary": "LOG-1385",
"url": "https://issues.redhat.com/browse/LOG-1385"
},
{
"category": "external",
"summary": "LOG-1411",
"url": "https://issues.redhat.com/browse/LOG-1411"
},
{
"category": "external",
"summary": "LOG-1420",
"url": "https://issues.redhat.com/browse/LOG-1420"
},
{
"category": "external",
"summary": "LOG-1440",
"url": "https://issues.redhat.com/browse/LOG-1440"
},
{
"category": "external",
"summary": "LOG-1446",
"url": "https://issues.redhat.com/browse/LOG-1446"
},
{
"category": "external",
"summary": "LOG-1499",
"url": "https://issues.redhat.com/browse/LOG-1499"
},
{
"category": "external",
"summary": "LOG-1558",
"url": "https://issues.redhat.com/browse/LOG-1558"
},
{
"category": "external",
"summary": "LOG-1567",
"url": "https://issues.redhat.com/browse/LOG-1567"
},
{
"category": "external",
"summary": "LOG-1570",
"url": "https://issues.redhat.com/browse/LOG-1570"
},
{
"category": "external",
"summary": "LOG-1589",
"url": "https://issues.redhat.com/browse/LOG-1589"
},
{
"category": "external",
"summary": "LOG-1590",
"url": "https://issues.redhat.com/browse/LOG-1590"
},
{
"category": "external",
"summary": "LOG-1623",
"url": "https://issues.redhat.com/browse/LOG-1623"
},
{
"category": "external",
"summary": "LOG-1624",
"url": "https://issues.redhat.com/browse/LOG-1624"
},
{
"category": "external",
"summary": "LOG-1625",
"url": "https://issues.redhat.com/browse/LOG-1625"
},
{
"category": "external",
"summary": "LOG-1647",
"url": "https://issues.redhat.com/browse/LOG-1647"
},
{
"category": "external",
"summary": "LOG-1657",
"url": "https://issues.redhat.com/browse/LOG-1657"
},
{
"category": "external",
"summary": "LOG-1681",
"url": "https://issues.redhat.com/browse/LOG-1681"
},
{
"category": "external",
"summary": "LOG-1683",
"url": "https://issues.redhat.com/browse/LOG-1683"
},
{
"category": "external",
"summary": "LOG-1702",
"url": "https://issues.redhat.com/browse/LOG-1702"
},
{
"category": "external",
"summary": "LOG-1714",
"url": "https://issues.redhat.com/browse/LOG-1714"
},
{
"category": "external",
"summary": "LOG-1722",
"url": "https://issues.redhat.com/browse/LOG-1722"
},
{
"category": "external",
"summary": "LOG-1723",
"url": "https://issues.redhat.com/browse/LOG-1723"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhba-2021_3393.json"
}
],
"title": "Red Hat Bug Fix Advisory: Openshift Logging Bug Fix Release (5.2.0)",
"tracking": {
"current_release_date": "2026-03-21T05:04:41+00:00",
"generator": {
"date": "2026-03-21T05:04:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHBA-2021:3393",
"initial_release_date": "2021-09-07T16:28:17+00:00",
"revision_history": [
{
"date": "2021-09-07T16:28:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-09-07T16:28:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-21T05:04:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift Logging 5.2",
"product": {
"name": "OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:5.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:b9bccd956a9fe22506696f4ff1a83410ebbeb48b8dad3c1ee5dbd9270e061e04_s390x",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:b9bccd956a9fe22506696f4ff1a83410ebbeb48b8dad3c1ee5dbd9270e061e04_s390x",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:b9bccd956a9fe22506696f4ff1a83410ebbeb48b8dad3c1ee5dbd9270e061e04_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:b9bccd956a9fe22506696f4ff1a83410ebbeb48b8dad3c1ee5dbd9270e061e04?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.0-20"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:f0a264457205a99090348ba53c3db478ea1f0c7fd28159bb3b2b9adb284e9aa1_s390x",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:f0a264457205a99090348ba53c3db478ea1f0c7fd28159bb3b2b9adb284e9aa1_s390x",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:f0a264457205a99090348ba53c3db478ea1f0c7fd28159bb3b2b9adb284e9aa1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:f0a264457205a99090348ba53c3db478ea1f0c7fd28159bb3b2b9adb284e9aa1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.0-14"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:5dad0b5e1e09e9c0b8ac0dbe3635ff9986ef5efa2fbd1d8057a4ec71a045b91a_s390x",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:5dad0b5e1e09e9c0b8ac0dbe3635ff9986ef5efa2fbd1d8057a4ec71a045b91a_s390x",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:5dad0b5e1e09e9c0b8ac0dbe3635ff9986ef5efa2fbd1d8057a4ec71a045b91a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:5dad0b5e1e09e9c0b8ac0dbe3635ff9986ef5efa2fbd1d8057a4ec71a045b91a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v5.2.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:dd5cec2e593b6a036901a23ae9c483a957fea15b7691c396f6b78cc6f132780f_s390x",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:dd5cec2e593b6a036901a23ae9c483a957fea15b7691c396f6b78cc6f132780f_s390x",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:dd5cec2e593b6a036901a23ae9c483a957fea15b7691c396f6b78cc6f132780f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:dd5cec2e593b6a036901a23ae9c483a957fea15b7691c396f6b78cc6f132780f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v5.2.0-14"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:0c3372e846ce58fc9159ef61e80d625cd657a682f9e0dadd8a255194681e05fd_s390x",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:0c3372e846ce58fc9159ef61e80d625cd657a682f9e0dadd8a255194681e05fd_s390x",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:0c3372e846ce58fc9159ef61e80d625cd657a682f9e0dadd8a255194681e05fd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:0c3372e846ce58fc9159ef61e80d625cd657a682f9e0dadd8a255194681e05fd?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.2.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:96d9268d923e7a5838d8d569bf148695830a8130d570a181b72bbf4baa206e9d_s390x",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:96d9268d923e7a5838d8d569bf148695830a8130d570a181b72bbf4baa206e9d_s390x",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:96d9268d923e7a5838d8d569bf148695830a8130d570a181b72bbf4baa206e9d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:96d9268d923e7a5838d8d569bf148695830a8130d570a181b72bbf4baa206e9d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v5.2.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:7a5dc91fde153508d66095020483d0098be01786fec9d164530dc3f4f5c85793_s390x",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:7a5dc91fde153508d66095020483d0098be01786fec9d164530dc3f4f5c85793_s390x",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:7a5dc91fde153508d66095020483d0098be01786fec9d164530dc3f4f5c85793_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:7a5dc91fde153508d66095020483d0098be01786fec9d164530dc3f4f5c85793?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v5.2.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:a9f2513d88f73a1e8791285e01fb8679887ee55428f25ac83eb296de09783aa1_s390x",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:a9f2513d88f73a1e8791285e01fb8679887ee55428f25ac83eb296de09783aa1_s390x",
"product_id": "openshift-logging/fluentd-rhel8@sha256:a9f2513d88f73a1e8791285e01fb8679887ee55428f25ac83eb296de09783aa1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:a9f2513d88f73a1e8791285e01fb8679887ee55428f25ac83eb296de09783aa1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v5.2.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:62bb4c55d5b033a2a27ee958c7aac2bd213072e3e35541aba817532b415b10d8_s390x",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:62bb4c55d5b033a2a27ee958c7aac2bd213072e3e35541aba817532b415b10d8_s390x",
"product_id": "openshift-logging/kibana6-rhel8@sha256:62bb4c55d5b033a2a27ee958c7aac2bd213072e3e35541aba817532b415b10d8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:62bb4c55d5b033a2a27ee958c7aac2bd213072e3e35541aba817532b415b10d8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v5.2.0-9"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:423828d9ee730e4c264713256d19cab0d8fcd0eeee32883922bd589c0d3c9ecb_amd64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:423828d9ee730e4c264713256d19cab0d8fcd0eeee32883922bd589c0d3c9ecb_amd64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:423828d9ee730e4c264713256d19cab0d8fcd0eeee32883922bd589c0d3c9ecb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:423828d9ee730e4c264713256d19cab0d8fcd0eeee32883922bd589c0d3c9ecb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.0-20"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:b86bf7654c7919887a004c3953840eed5d514bf0f08106ce043bc4c3dae37c83_amd64",
"product": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:b86bf7654c7919887a004c3953840eed5d514bf0f08106ce043bc4c3dae37c83_amd64",
"product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:b86bf7654c7919887a004c3953840eed5d514bf0f08106ce043bc4c3dae37c83_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256:b86bf7654c7919887a004c3953840eed5d514bf0f08106ce043bc4c3dae37c83?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.2.0-57"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:cafdc3bd78546fb514cb2cbdc4eb49a577c96cc87089c3b86e8e8af730d500d3_amd64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:cafdc3bd78546fb514cb2cbdc4eb49a577c96cc87089c3b86e8e8af730d500d3_amd64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:cafdc3bd78546fb514cb2cbdc4eb49a577c96cc87089c3b86e8e8af730d500d3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:cafdc3bd78546fb514cb2cbdc4eb49a577c96cc87089c3b86e8e8af730d500d3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.0-14"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:788929ff683450b7cb0c48af4f5e6d0b2dc7d4a38d4d072c9a16e0d0542a1304_amd64",
"product": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:788929ff683450b7cb0c48af4f5e6d0b2dc7d4a38d4d072c9a16e0d0542a1304_amd64",
"product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:788929ff683450b7cb0c48af4f5e6d0b2dc7d4a38d4d072c9a16e0d0542a1304_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-operator-bundle@sha256:788929ff683450b7cb0c48af4f5e6d0b2dc7d4a38d4d072c9a16e0d0542a1304?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.2.0-58"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:3c0fa213fc00f5301278d4dd8cdc3b86625bdeca3c446871fc833b693f17fed1_amd64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:3c0fa213fc00f5301278d4dd8cdc3b86625bdeca3c446871fc833b693f17fed1_amd64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:3c0fa213fc00f5301278d4dd8cdc3b86625bdeca3c446871fc833b693f17fed1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:3c0fa213fc00f5301278d4dd8cdc3b86625bdeca3c446871fc833b693f17fed1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v5.2.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:660f26a9af99e0d0d2b26d5f3c485692100f8fc81f91803448cd79cc36938dec_amd64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:660f26a9af99e0d0d2b26d5f3c485692100f8fc81f91803448cd79cc36938dec_amd64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:660f26a9af99e0d0d2b26d5f3c485692100f8fc81f91803448cd79cc36938dec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:660f26a9af99e0d0d2b26d5f3c485692100f8fc81f91803448cd79cc36938dec?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v5.2.0-14"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:9937504a2361c70f2ea9b10fae6ce5ff4096bc3c5f3d01b0cea7c041ff0cabcb_amd64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:9937504a2361c70f2ea9b10fae6ce5ff4096bc3c5f3d01b0cea7c041ff0cabcb_amd64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:9937504a2361c70f2ea9b10fae6ce5ff4096bc3c5f3d01b0cea7c041ff0cabcb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:9937504a2361c70f2ea9b10fae6ce5ff4096bc3c5f3d01b0cea7c041ff0cabcb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.2.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:7730e3d1c2f0ad01f044b21dbb90f079c486f311026854695e816e164d4e1cb3_amd64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:7730e3d1c2f0ad01f044b21dbb90f079c486f311026854695e816e164d4e1cb3_amd64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:7730e3d1c2f0ad01f044b21dbb90f079c486f311026854695e816e164d4e1cb3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:7730e3d1c2f0ad01f044b21dbb90f079c486f311026854695e816e164d4e1cb3?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v5.2.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:ce7dc68e2a3e32b58e231267ee3be305bc976fef670c7ddbcdc50ddfffbd209d_amd64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:ce7dc68e2a3e32b58e231267ee3be305bc976fef670c7ddbcdc50ddfffbd209d_amd64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:ce7dc68e2a3e32b58e231267ee3be305bc976fef670c7ddbcdc50ddfffbd209d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:ce7dc68e2a3e32b58e231267ee3be305bc976fef670c7ddbcdc50ddfffbd209d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v5.2.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:76f129f017634397a17657ac57e6aa0d54152d43fe520960fd953f382e2d7242_amd64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:76f129f017634397a17657ac57e6aa0d54152d43fe520960fd953f382e2d7242_amd64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:76f129f017634397a17657ac57e6aa0d54152d43fe520960fd953f382e2d7242_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:76f129f017634397a17657ac57e6aa0d54152d43fe520960fd953f382e2d7242?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v5.2.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:bd8241504d7eba68b32af8b82be1129a4ac6a843f1015ed214e773a653af9393_amd64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:bd8241504d7eba68b32af8b82be1129a4ac6a843f1015ed214e773a653af9393_amd64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:bd8241504d7eba68b32af8b82be1129a4ac6a843f1015ed214e773a653af9393_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:bd8241504d7eba68b32af8b82be1129a4ac6a843f1015ed214e773a653af9393?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v5.2.0-9"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:09af2549ff71a9ffa19538ff53599713af715b9623f6f5114449d45232162c71_ppc64le",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:09af2549ff71a9ffa19538ff53599713af715b9623f6f5114449d45232162c71_ppc64le",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:09af2549ff71a9ffa19538ff53599713af715b9623f6f5114449d45232162c71_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:09af2549ff71a9ffa19538ff53599713af715b9623f6f5114449d45232162c71?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.2.0-20"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:e7d91d273055029172d55ae4d39d76321d67dee8be7e3ee5fc29bcd5e82d1af0_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:e7d91d273055029172d55ae4d39d76321d67dee8be7e3ee5fc29bcd5e82d1af0_ppc64le",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:e7d91d273055029172d55ae4d39d76321d67dee8be7e3ee5fc29bcd5e82d1af0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:e7d91d273055029172d55ae4d39d76321d67dee8be7e3ee5fc29bcd5e82d1af0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.2.0-14"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:07394901f71213f2428c99a6a0e469ef9be97db4fd2ff41d3ec8fc3a862b2bfe_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:07394901f71213f2428c99a6a0e469ef9be97db4fd2ff41d3ec8fc3a862b2bfe_ppc64le",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:07394901f71213f2428c99a6a0e469ef9be97db4fd2ff41d3ec8fc3a862b2bfe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:07394901f71213f2428c99a6a0e469ef9be97db4fd2ff41d3ec8fc3a862b2bfe?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v5.2.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a484b5b99cad803ae3fb72a720e09096f52380a5443152b4531c69fac970473f_ppc64le",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a484b5b99cad803ae3fb72a720e09096f52380a5443152b4531c69fac970473f_ppc64le",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a484b5b99cad803ae3fb72a720e09096f52380a5443152b4531c69fac970473f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:a484b5b99cad803ae3fb72a720e09096f52380a5443152b4531c69fac970473f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v5.2.0-14"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:2a6c0dae3b3c96b0c669a30cb748caae05fb36927fb5143a861a50c0f5fc7577_ppc64le",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:2a6c0dae3b3c96b0c669a30cb748caae05fb36927fb5143a861a50c0f5fc7577_ppc64le",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:2a6c0dae3b3c96b0c669a30cb748caae05fb36927fb5143a861a50c0f5fc7577_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:2a6c0dae3b3c96b0c669a30cb748caae05fb36927fb5143a861a50c0f5fc7577?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.2.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:95c8eb02898b1923e41e6abeeda9cf3fea77e6d736ad4846df9567400435f4f4_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:95c8eb02898b1923e41e6abeeda9cf3fea77e6d736ad4846df9567400435f4f4_ppc64le",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:95c8eb02898b1923e41e6abeeda9cf3fea77e6d736ad4846df9567400435f4f4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:95c8eb02898b1923e41e6abeeda9cf3fea77e6d736ad4846df9567400435f4f4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v5.2.0-8"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:018721a7037fa8cae65b0b1c7ba3995642bb35e38c39dd22cc276ff159e27a39_ppc64le",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:018721a7037fa8cae65b0b1c7ba3995642bb35e38c39dd22cc276ff159e27a39_ppc64le",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:018721a7037fa8cae65b0b1c7ba3995642bb35e38c39dd22cc276ff159e27a39_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:018721a7037fa8cae65b0b1c7ba3995642bb35e38c39dd22cc276ff159e27a39?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v5.2.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:61e1d646090fe7832579e0cdb6c82750f42498354ed192935dd3e2c69cf88607_ppc64le",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:61e1d646090fe7832579e0cdb6c82750f42498354ed192935dd3e2c69cf88607_ppc64le",
"product_id": "openshift-logging/fluentd-rhel8@sha256:61e1d646090fe7832579e0cdb6c82750f42498354ed192935dd3e2c69cf88607_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:61e1d646090fe7832579e0cdb6c82750f42498354ed192935dd3e2c69cf88607?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v5.2.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:1db3ea077db0c2948210558883d85d04f94658aab02754eba5c3cdb49e42de29_ppc64le",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:1db3ea077db0c2948210558883d85d04f94658aab02754eba5c3cdb49e42de29_ppc64le",
"product_id": "openshift-logging/kibana6-rhel8@sha256:1db3ea077db0c2948210558883d85d04f94658aab02754eba5c3cdb49e42de29_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:1db3ea077db0c2948210558883d85d04f94658aab02754eba5c3cdb49e42de29?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v5.2.0-9"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:b86bf7654c7919887a004c3953840eed5d514bf0f08106ce043bc4c3dae37c83_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:b86bf7654c7919887a004c3953840eed5d514bf0f08106ce043bc4c3dae37c83_amd64"
},
"product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:b86bf7654c7919887a004c3953840eed5d514bf0f08106ce043bc4c3dae37c83_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:09af2549ff71a9ffa19538ff53599713af715b9623f6f5114449d45232162c71_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:09af2549ff71a9ffa19538ff53599713af715b9623f6f5114449d45232162c71_ppc64le"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:09af2549ff71a9ffa19538ff53599713af715b9623f6f5114449d45232162c71_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:423828d9ee730e4c264713256d19cab0d8fcd0eeee32883922bd589c0d3c9ecb_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:423828d9ee730e4c264713256d19cab0d8fcd0eeee32883922bd589c0d3c9ecb_amd64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:423828d9ee730e4c264713256d19cab0d8fcd0eeee32883922bd589c0d3c9ecb_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:b9bccd956a9fe22506696f4ff1a83410ebbeb48b8dad3c1ee5dbd9270e061e04_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:b9bccd956a9fe22506696f4ff1a83410ebbeb48b8dad3c1ee5dbd9270e061e04_s390x"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:b9bccd956a9fe22506696f4ff1a83410ebbeb48b8dad3c1ee5dbd9270e061e04_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:788929ff683450b7cb0c48af4f5e6d0b2dc7d4a38d4d072c9a16e0d0542a1304_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:788929ff683450b7cb0c48af4f5e6d0b2dc7d4a38d4d072c9a16e0d0542a1304_amd64"
},
"product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:788929ff683450b7cb0c48af4f5e6d0b2dc7d4a38d4d072c9a16e0d0542a1304_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:07394901f71213f2428c99a6a0e469ef9be97db4fd2ff41d3ec8fc3a862b2bfe_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:07394901f71213f2428c99a6a0e469ef9be97db4fd2ff41d3ec8fc3a862b2bfe_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:07394901f71213f2428c99a6a0e469ef9be97db4fd2ff41d3ec8fc3a862b2bfe_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:3c0fa213fc00f5301278d4dd8cdc3b86625bdeca3c446871fc833b693f17fed1_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:3c0fa213fc00f5301278d4dd8cdc3b86625bdeca3c446871fc833b693f17fed1_amd64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:3c0fa213fc00f5301278d4dd8cdc3b86625bdeca3c446871fc833b693f17fed1_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:5dad0b5e1e09e9c0b8ac0dbe3635ff9986ef5efa2fbd1d8057a4ec71a045b91a_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:5dad0b5e1e09e9c0b8ac0dbe3635ff9986ef5efa2fbd1d8057a4ec71a045b91a_s390x"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:5dad0b5e1e09e9c0b8ac0dbe3635ff9986ef5efa2fbd1d8057a4ec71a045b91a_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:cafdc3bd78546fb514cb2cbdc4eb49a577c96cc87089c3b86e8e8af730d500d3_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:cafdc3bd78546fb514cb2cbdc4eb49a577c96cc87089c3b86e8e8af730d500d3_amd64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:cafdc3bd78546fb514cb2cbdc4eb49a577c96cc87089c3b86e8e8af730d500d3_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:e7d91d273055029172d55ae4d39d76321d67dee8be7e3ee5fc29bcd5e82d1af0_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:e7d91d273055029172d55ae4d39d76321d67dee8be7e3ee5fc29bcd5e82d1af0_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:e7d91d273055029172d55ae4d39d76321d67dee8be7e3ee5fc29bcd5e82d1af0_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:f0a264457205a99090348ba53c3db478ea1f0c7fd28159bb3b2b9adb284e9aa1_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:f0a264457205a99090348ba53c3db478ea1f0c7fd28159bb3b2b9adb284e9aa1_s390x"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:f0a264457205a99090348ba53c3db478ea1f0c7fd28159bb3b2b9adb284e9aa1_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:7730e3d1c2f0ad01f044b21dbb90f079c486f311026854695e816e164d4e1cb3_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:7730e3d1c2f0ad01f044b21dbb90f079c486f311026854695e816e164d4e1cb3_amd64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:7730e3d1c2f0ad01f044b21dbb90f079c486f311026854695e816e164d4e1cb3_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:95c8eb02898b1923e41e6abeeda9cf3fea77e6d736ad4846df9567400435f4f4_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:95c8eb02898b1923e41e6abeeda9cf3fea77e6d736ad4846df9567400435f4f4_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:95c8eb02898b1923e41e6abeeda9cf3fea77e6d736ad4846df9567400435f4f4_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:96d9268d923e7a5838d8d569bf148695830a8130d570a181b72bbf4baa206e9d_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:96d9268d923e7a5838d8d569bf148695830a8130d570a181b72bbf4baa206e9d_s390x"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:96d9268d923e7a5838d8d569bf148695830a8130d570a181b72bbf4baa206e9d_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:018721a7037fa8cae65b0b1c7ba3995642bb35e38c39dd22cc276ff159e27a39_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:018721a7037fa8cae65b0b1c7ba3995642bb35e38c39dd22cc276ff159e27a39_ppc64le"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:018721a7037fa8cae65b0b1c7ba3995642bb35e38c39dd22cc276ff159e27a39_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:7a5dc91fde153508d66095020483d0098be01786fec9d164530dc3f4f5c85793_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:7a5dc91fde153508d66095020483d0098be01786fec9d164530dc3f4f5c85793_s390x"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:7a5dc91fde153508d66095020483d0098be01786fec9d164530dc3f4f5c85793_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:ce7dc68e2a3e32b58e231267ee3be305bc976fef670c7ddbcdc50ddfffbd209d_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce7dc68e2a3e32b58e231267ee3be305bc976fef670c7ddbcdc50ddfffbd209d_amd64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:ce7dc68e2a3e32b58e231267ee3be305bc976fef670c7ddbcdc50ddfffbd209d_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:61e1d646090fe7832579e0cdb6c82750f42498354ed192935dd3e2c69cf88607_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:61e1d646090fe7832579e0cdb6c82750f42498354ed192935dd3e2c69cf88607_ppc64le"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:61e1d646090fe7832579e0cdb6c82750f42498354ed192935dd3e2c69cf88607_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:76f129f017634397a17657ac57e6aa0d54152d43fe520960fd953f382e2d7242_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:76f129f017634397a17657ac57e6aa0d54152d43fe520960fd953f382e2d7242_amd64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:76f129f017634397a17657ac57e6aa0d54152d43fe520960fd953f382e2d7242_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:a9f2513d88f73a1e8791285e01fb8679887ee55428f25ac83eb296de09783aa1_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:a9f2513d88f73a1e8791285e01fb8679887ee55428f25ac83eb296de09783aa1_s390x"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:a9f2513d88f73a1e8791285e01fb8679887ee55428f25ac83eb296de09783aa1_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:1db3ea077db0c2948210558883d85d04f94658aab02754eba5c3cdb49e42de29_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:1db3ea077db0c2948210558883d85d04f94658aab02754eba5c3cdb49e42de29_ppc64le"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:1db3ea077db0c2948210558883d85d04f94658aab02754eba5c3cdb49e42de29_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:62bb4c55d5b033a2a27ee958c7aac2bd213072e3e35541aba817532b415b10d8_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:62bb4c55d5b033a2a27ee958c7aac2bd213072e3e35541aba817532b415b10d8_s390x"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:62bb4c55d5b033a2a27ee958c7aac2bd213072e3e35541aba817532b415b10d8_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:bd8241504d7eba68b32af8b82be1129a4ac6a843f1015ed214e773a653af9393_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:bd8241504d7eba68b32af8b82be1129a4ac6a843f1015ed214e773a653af9393_amd64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:bd8241504d7eba68b32af8b82be1129a4ac6a843f1015ed214e773a653af9393_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:660f26a9af99e0d0d2b26d5f3c485692100f8fc81f91803448cd79cc36938dec_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:660f26a9af99e0d0d2b26d5f3c485692100f8fc81f91803448cd79cc36938dec_amd64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:660f26a9af99e0d0d2b26d5f3c485692100f8fc81f91803448cd79cc36938dec_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a484b5b99cad803ae3fb72a720e09096f52380a5443152b4531c69fac970473f_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a484b5b99cad803ae3fb72a720e09096f52380a5443152b4531c69fac970473f_ppc64le"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:a484b5b99cad803ae3fb72a720e09096f52380a5443152b4531c69fac970473f_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:dd5cec2e593b6a036901a23ae9c483a957fea15b7691c396f6b78cc6f132780f_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:dd5cec2e593b6a036901a23ae9c483a957fea15b7691c396f6b78cc6f132780f_s390x"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:dd5cec2e593b6a036901a23ae9c483a957fea15b7691c396f6b78cc6f132780f_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:0c3372e846ce58fc9159ef61e80d625cd657a682f9e0dadd8a255194681e05fd_s390x as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c3372e846ce58fc9159ef61e80d625cd657a682f9e0dadd8a255194681e05fd_s390x"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:0c3372e846ce58fc9159ef61e80d625cd657a682f9e0dadd8a255194681e05fd_s390x",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:2a6c0dae3b3c96b0c669a30cb748caae05fb36927fb5143a861a50c0f5fc7577_ppc64le as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:2a6c0dae3b3c96b0c669a30cb748caae05fb36927fb5143a861a50c0f5fc7577_ppc64le"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:2a6c0dae3b3c96b0c669a30cb748caae05fb36927fb5143a861a50c0f5fc7577_ppc64le",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:9937504a2361c70f2ea9b10fae6ce5ff4096bc3c5f3d01b0cea7c041ff0cabcb_amd64 as a component of OpenShift Logging 5.2",
"product_id": "8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:9937504a2361c70f2ea9b10fae6ce5ff4096bc3c5f3d01b0cea7c041ff0cabcb_amd64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:9937504a2361c70f2ea9b10fae6ce5ff4096bc3c5f3d01b0cea7c041ff0cabcb_amd64",
"relates_to_product_reference": "8Base-OSE-LOGGING-5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-32740",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-07-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:b86bf7654c7919887a004c3953840eed5d514bf0f08106ce043bc4c3dae37c83_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:09af2549ff71a9ffa19538ff53599713af715b9623f6f5114449d45232162c71_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:423828d9ee730e4c264713256d19cab0d8fcd0eeee32883922bd589c0d3c9ecb_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:b9bccd956a9fe22506696f4ff1a83410ebbeb48b8dad3c1ee5dbd9270e061e04_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:788929ff683450b7cb0c48af4f5e6d0b2dc7d4a38d4d072c9a16e0d0542a1304_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:07394901f71213f2428c99a6a0e469ef9be97db4fd2ff41d3ec8fc3a862b2bfe_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:3c0fa213fc00f5301278d4dd8cdc3b86625bdeca3c446871fc833b693f17fed1_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:5dad0b5e1e09e9c0b8ac0dbe3635ff9986ef5efa2fbd1d8057a4ec71a045b91a_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:cafdc3bd78546fb514cb2cbdc4eb49a577c96cc87089c3b86e8e8af730d500d3_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:e7d91d273055029172d55ae4d39d76321d67dee8be7e3ee5fc29bcd5e82d1af0_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:f0a264457205a99090348ba53c3db478ea1f0c7fd28159bb3b2b9adb284e9aa1_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:7730e3d1c2f0ad01f044b21dbb90f079c486f311026854695e816e164d4e1cb3_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:95c8eb02898b1923e41e6abeeda9cf3fea77e6d736ad4846df9567400435f4f4_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:96d9268d923e7a5838d8d569bf148695830a8130d570a181b72bbf4baa206e9d_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:018721a7037fa8cae65b0b1c7ba3995642bb35e38c39dd22cc276ff159e27a39_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:7a5dc91fde153508d66095020483d0098be01786fec9d164530dc3f4f5c85793_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce7dc68e2a3e32b58e231267ee3be305bc976fef670c7ddbcdc50ddfffbd209d_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:1db3ea077db0c2948210558883d85d04f94658aab02754eba5c3cdb49e42de29_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:62bb4c55d5b033a2a27ee958c7aac2bd213072e3e35541aba817532b415b10d8_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:bd8241504d7eba68b32af8b82be1129a4ac6a843f1015ed214e773a653af9393_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:660f26a9af99e0d0d2b26d5f3c485692100f8fc81f91803448cd79cc36938dec_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a484b5b99cad803ae3fb72a720e09096f52380a5443152b4531c69fac970473f_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:dd5cec2e593b6a036901a23ae9c483a957fea15b7691c396f6b78cc6f132780f_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c3372e846ce58fc9159ef61e80d625cd657a682f9e0dadd8a255194681e05fd_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:2a6c0dae3b3c96b0c669a30cb748caae05fb36927fb5143a861a50c0f5fc7577_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:9937504a2361c70f2ea9b10fae6ce5ff4096bc3c5f3d01b0cea7c041ff0cabcb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1979702"
}
],
"notes": [
{
"category": "description",
"text": "A resource-consumption vulnerability was found in rubygem addressable, where its URI template implementation could allow an attacker\u0027s crafted template to consume resources, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rubygem-addressable: ReDoS in templates",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat CloudForms 5.0 (CFME 5.11) is in the maintenance support phase and we are no longer fixing Moderate/Low severity security bugs. Reference: https://access.redhat.com/support/policy/updates/cloudforms\n\nOpenShift 3.11 components are currently in maintenance support phase, hence Moderate/Low severity security bugs are set as Out Of Support Scope (OOSS). Reference: https://access.redhat.com/support/policy/updates/openshift_noncurrent",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:61e1d646090fe7832579e0cdb6c82750f42498354ed192935dd3e2c69cf88607_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:76f129f017634397a17657ac57e6aa0d54152d43fe520960fd953f382e2d7242_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:a9f2513d88f73a1e8791285e01fb8679887ee55428f25ac83eb296de09783aa1_s390x"
],
"known_not_affected": [
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:b86bf7654c7919887a004c3953840eed5d514bf0f08106ce043bc4c3dae37c83_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:09af2549ff71a9ffa19538ff53599713af715b9623f6f5114449d45232162c71_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:423828d9ee730e4c264713256d19cab0d8fcd0eeee32883922bd589c0d3c9ecb_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:b9bccd956a9fe22506696f4ff1a83410ebbeb48b8dad3c1ee5dbd9270e061e04_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:788929ff683450b7cb0c48af4f5e6d0b2dc7d4a38d4d072c9a16e0d0542a1304_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:07394901f71213f2428c99a6a0e469ef9be97db4fd2ff41d3ec8fc3a862b2bfe_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:3c0fa213fc00f5301278d4dd8cdc3b86625bdeca3c446871fc833b693f17fed1_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:5dad0b5e1e09e9c0b8ac0dbe3635ff9986ef5efa2fbd1d8057a4ec71a045b91a_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:cafdc3bd78546fb514cb2cbdc4eb49a577c96cc87089c3b86e8e8af730d500d3_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:e7d91d273055029172d55ae4d39d76321d67dee8be7e3ee5fc29bcd5e82d1af0_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:f0a264457205a99090348ba53c3db478ea1f0c7fd28159bb3b2b9adb284e9aa1_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:7730e3d1c2f0ad01f044b21dbb90f079c486f311026854695e816e164d4e1cb3_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:95c8eb02898b1923e41e6abeeda9cf3fea77e6d736ad4846df9567400435f4f4_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:96d9268d923e7a5838d8d569bf148695830a8130d570a181b72bbf4baa206e9d_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:018721a7037fa8cae65b0b1c7ba3995642bb35e38c39dd22cc276ff159e27a39_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:7a5dc91fde153508d66095020483d0098be01786fec9d164530dc3f4f5c85793_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce7dc68e2a3e32b58e231267ee3be305bc976fef670c7ddbcdc50ddfffbd209d_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:1db3ea077db0c2948210558883d85d04f94658aab02754eba5c3cdb49e42de29_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:62bb4c55d5b033a2a27ee958c7aac2bd213072e3e35541aba817532b415b10d8_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:bd8241504d7eba68b32af8b82be1129a4ac6a843f1015ed214e773a653af9393_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:660f26a9af99e0d0d2b26d5f3c485692100f8fc81f91803448cd79cc36938dec_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a484b5b99cad803ae3fb72a720e09096f52380a5443152b4531c69fac970473f_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:dd5cec2e593b6a036901a23ae9c483a957fea15b7691c396f6b78cc6f132780f_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c3372e846ce58fc9159ef61e80d625cd657a682f9e0dadd8a255194681e05fd_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:2a6c0dae3b3c96b0c669a30cb748caae05fb36927fb5143a861a50c0f5fc7577_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:9937504a2361c70f2ea9b10fae6ce5ff4096bc3c5f3d01b0cea7c041ff0cabcb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-32740"
},
{
"category": "external",
"summary": "RHBZ#1979702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1979702"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-32740",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32740"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-32740",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32740"
},
{
"category": "external",
"summary": "https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g",
"url": "https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g"
}
],
"release_date": "2021-07-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-09-07T16:28:17+00:00",
"details": "For important instructions on how to upgrade your cluster and fully apply this errata update, see the following documentation, which will be updated shortly for this release:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:61e1d646090fe7832579e0cdb6c82750f42498354ed192935dd3e2c69cf88607_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:76f129f017634397a17657ac57e6aa0d54152d43fe520960fd953f382e2d7242_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:a9f2513d88f73a1e8791285e01fb8679887ee55428f25ac83eb296de09783aa1_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2021:3393"
},
{
"category": "workaround",
"details": "Create template objects only from trusted sources that have been validated not to produce catastrophic backtracking.",
"product_ids": [
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:b86bf7654c7919887a004c3953840eed5d514bf0f08106ce043bc4c3dae37c83_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:09af2549ff71a9ffa19538ff53599713af715b9623f6f5114449d45232162c71_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:423828d9ee730e4c264713256d19cab0d8fcd0eeee32883922bd589c0d3c9ecb_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:b9bccd956a9fe22506696f4ff1a83410ebbeb48b8dad3c1ee5dbd9270e061e04_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:788929ff683450b7cb0c48af4f5e6d0b2dc7d4a38d4d072c9a16e0d0542a1304_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:07394901f71213f2428c99a6a0e469ef9be97db4fd2ff41d3ec8fc3a862b2bfe_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:3c0fa213fc00f5301278d4dd8cdc3b86625bdeca3c446871fc833b693f17fed1_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:5dad0b5e1e09e9c0b8ac0dbe3635ff9986ef5efa2fbd1d8057a4ec71a045b91a_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:cafdc3bd78546fb514cb2cbdc4eb49a577c96cc87089c3b86e8e8af730d500d3_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:e7d91d273055029172d55ae4d39d76321d67dee8be7e3ee5fc29bcd5e82d1af0_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:f0a264457205a99090348ba53c3db478ea1f0c7fd28159bb3b2b9adb284e9aa1_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:7730e3d1c2f0ad01f044b21dbb90f079c486f311026854695e816e164d4e1cb3_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:95c8eb02898b1923e41e6abeeda9cf3fea77e6d736ad4846df9567400435f4f4_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:96d9268d923e7a5838d8d569bf148695830a8130d570a181b72bbf4baa206e9d_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:018721a7037fa8cae65b0b1c7ba3995642bb35e38c39dd22cc276ff159e27a39_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:7a5dc91fde153508d66095020483d0098be01786fec9d164530dc3f4f5c85793_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce7dc68e2a3e32b58e231267ee3be305bc976fef670c7ddbcdc50ddfffbd209d_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:61e1d646090fe7832579e0cdb6c82750f42498354ed192935dd3e2c69cf88607_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:76f129f017634397a17657ac57e6aa0d54152d43fe520960fd953f382e2d7242_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:a9f2513d88f73a1e8791285e01fb8679887ee55428f25ac83eb296de09783aa1_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:1db3ea077db0c2948210558883d85d04f94658aab02754eba5c3cdb49e42de29_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:62bb4c55d5b033a2a27ee958c7aac2bd213072e3e35541aba817532b415b10d8_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:bd8241504d7eba68b32af8b82be1129a4ac6a843f1015ed214e773a653af9393_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:660f26a9af99e0d0d2b26d5f3c485692100f8fc81f91803448cd79cc36938dec_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a484b5b99cad803ae3fb72a720e09096f52380a5443152b4531c69fac970473f_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:dd5cec2e593b6a036901a23ae9c483a957fea15b7691c396f6b78cc6f132780f_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c3372e846ce58fc9159ef61e80d625cd657a682f9e0dadd8a255194681e05fd_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:2a6c0dae3b3c96b0c669a30cb748caae05fb36927fb5143a861a50c0f5fc7577_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:9937504a2361c70f2ea9b10fae6ce5ff4096bc3c5f3d01b0cea7c041ff0cabcb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-operator-bundle@sha256:b86bf7654c7919887a004c3953840eed5d514bf0f08106ce043bc4c3dae37c83_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:09af2549ff71a9ffa19538ff53599713af715b9623f6f5114449d45232162c71_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:423828d9ee730e4c264713256d19cab0d8fcd0eeee32883922bd589c0d3c9ecb_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/cluster-logging-rhel8-operator@sha256:b9bccd956a9fe22506696f4ff1a83410ebbeb48b8dad3c1ee5dbd9270e061e04_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-operator-bundle@sha256:788929ff683450b7cb0c48af4f5e6d0b2dc7d4a38d4d072c9a16e0d0542a1304_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:07394901f71213f2428c99a6a0e469ef9be97db4fd2ff41d3ec8fc3a862b2bfe_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:3c0fa213fc00f5301278d4dd8cdc3b86625bdeca3c446871fc833b693f17fed1_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-proxy-rhel8@sha256:5dad0b5e1e09e9c0b8ac0dbe3635ff9986ef5efa2fbd1d8057a4ec71a045b91a_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:cafdc3bd78546fb514cb2cbdc4eb49a577c96cc87089c3b86e8e8af730d500d3_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:e7d91d273055029172d55ae4d39d76321d67dee8be7e3ee5fc29bcd5e82d1af0_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch-rhel8-operator@sha256:f0a264457205a99090348ba53c3db478ea1f0c7fd28159bb3b2b9adb284e9aa1_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:7730e3d1c2f0ad01f044b21dbb90f079c486f311026854695e816e164d4e1cb3_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:95c8eb02898b1923e41e6abeeda9cf3fea77e6d736ad4846df9567400435f4f4_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/elasticsearch6-rhel8@sha256:96d9268d923e7a5838d8d569bf148695830a8130d570a181b72bbf4baa206e9d_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:018721a7037fa8cae65b0b1c7ba3995642bb35e38c39dd22cc276ff159e27a39_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:7a5dc91fde153508d66095020483d0098be01786fec9d164530dc3f4f5c85793_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/eventrouter-rhel8@sha256:ce7dc68e2a3e32b58e231267ee3be305bc976fef670c7ddbcdc50ddfffbd209d_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:61e1d646090fe7832579e0cdb6c82750f42498354ed192935dd3e2c69cf88607_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:76f129f017634397a17657ac57e6aa0d54152d43fe520960fd953f382e2d7242_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/fluentd-rhel8@sha256:a9f2513d88f73a1e8791285e01fb8679887ee55428f25ac83eb296de09783aa1_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:1db3ea077db0c2948210558883d85d04f94658aab02754eba5c3cdb49e42de29_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:62bb4c55d5b033a2a27ee958c7aac2bd213072e3e35541aba817532b415b10d8_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/kibana6-rhel8@sha256:bd8241504d7eba68b32af8b82be1129a4ac6a843f1015ed214e773a653af9393_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:660f26a9af99e0d0d2b26d5f3c485692100f8fc81f91803448cd79cc36938dec_amd64",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:a484b5b99cad803ae3fb72a720e09096f52380a5443152b4531c69fac970473f_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/log-file-metric-exporter-rhel8@sha256:dd5cec2e593b6a036901a23ae9c483a957fea15b7691c396f6b78cc6f132780f_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:0c3372e846ce58fc9159ef61e80d625cd657a682f9e0dadd8a255194681e05fd_s390x",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:2a6c0dae3b3c96b0c669a30cb748caae05fb36927fb5143a861a50c0f5fc7577_ppc64le",
"8Base-OSE-LOGGING-5.2:openshift-logging/logging-curator5-rhel8@sha256:9937504a2361c70f2ea9b10fae6ce5ff4096bc3c5f3d01b0cea7c041ff0cabcb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rubygem-addressable: ReDoS in templates"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.