Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-24999 (GCVE-0-2022-24999)
Vulnerability from cvelistv5 – Published: 2022-11-26 00:00 – Updated: 2025-04-29 13:56
VLAI
EPSS
Summary
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable).
Severity
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:01.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/expressjs/express/releases/tag/4.17.3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ljharb/qs/pull/428"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/n8tz/CVE-2022-24999"
},
{
"name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3299-1] node-qs security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00039.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230908-0005/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-24999",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T13:56:22.823843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T13:56:42.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b\u0026a[__proto__]\u0026a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has \"deps: qs@6.9.7\" in its release description, is not vulnerable)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-08T16:06:42.462Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/expressjs/express/releases/tag/4.17.3"
},
{
"url": "https://github.com/ljharb/qs/pull/428"
},
{
"url": "https://github.com/n8tz/CVE-2022-24999"
},
{
"name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3299-1] node-qs security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00039.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230908-0005/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24999",
"datePublished": "2022-11-26T00:00:00.000Z",
"dateReserved": "2022-02-14T00:00:00.000Z",
"dateUpdated": "2025-04-29T13:56:42.673Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-24999",
"date": "2026-05-27",
"epss": "0.01543",
"percentile": "0.81625"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-24999\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-11-26T22:15:10.153\",\"lastModified\":\"2025-04-29T14:15:20.410\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b\u0026a[__proto__]\u0026a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has \\\"deps: qs@6.9.7\\\" in its release description, is not vulnerable).\"},{\"lang\":\"es\",\"value\":\"qs anterior a 6.10.3, como se usa en Express anterior a 4.17.3 y otros productos, permite a los atacantes provocar que un proceso de Nodo se cuelgue para una aplicaci\u00f3n Express porque se puede usar una clave __ proto__. En muchos casos de uso t\u00edpicos de Express, un atacante remoto no autenticado puede colocar el payload del ataque en la cadena de consulta de la URL que se utiliza para visitar la aplicaci\u00f3n, como a[__proto__]=b\u0026amp;a[__proto__]\u0026amp;a[length] =100000000. La soluci\u00f3n se respald\u00f3 a qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3 y 6.2.4 (y por lo tanto a Express 4.17.3, que tiene \\\"deps : qs@6.9.7\\\" en la descripci\u00f3n de su versi\u00f3n, no es vulnerable).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1321\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1321\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"6.2.4\",\"matchCriteriaId\":\"F7960844-79EB-454C-BD4C-C79387E2E573\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"6.3.0\",\"versionEndExcluding\":\"6.3.3\",\"matchCriteriaId\":\"B836471B-BF39-4B52-B837-70B494D2C45F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"6.5.0\",\"versionEndExcluding\":\"6.5.3\",\"matchCriteriaId\":\"DF319EA6-E68F-41A8-BB21-FE30F6BD1A9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"6.7.0\",\"versionEndExcluding\":\"6.7.3\",\"matchCriteriaId\":\"E43C2419-E3F8-4123-8FA8-A0C1B4244D77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"6.8.0\",\"versionEndExcluding\":\"6.8.3\",\"matchCriteriaId\":\"BB20DBEF-67E2-49FB-BB55-C86F7A83028F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"6.9.0\",\"versionEndExcluding\":\"6.9.7\",\"matchCriteriaId\":\"49C25B47-56FD-43BF-9DA4-A6100DD291EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"6.10.0\",\"versionEndExcluding\":\"6.10.3\",\"matchCriteriaId\":\"750DDAB9-4454-4087-8DA1-D05280F59081\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qs_project:qs:6.4.0:*:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"535F43BA-C0A4-441A-A13C-A221ED855613\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qs_project:qs:6.6.0:*:*:*:*:node.js:*:*\",\"matchCriteriaId\":\"870A2680-00C2-43D2-9C4B-D8F52DB16AA1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openjsf:express:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"4.17.3\",\"matchCriteriaId\":\"31382A93-AA97-4D14-ACF6-129F1BDDFD6D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://github.com/expressjs/express/releases/tag/4.17.3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ljharb/qs/pull/428\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/n8tz/CVE-2022-24999\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/01/msg00039.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230908-0005/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/expressjs/express/releases/tag/4.17.3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ljharb/qs/pull/428\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/n8tz/CVE-2022-24999\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/01/msg00039.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230908-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/expressjs/express/releases/tag/4.17.3\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/ljharb/qs/pull/428\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/n8tz/CVE-2022-24999\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/01/msg00039.html\", \"name\": \"[debian-lts-announce] 20230130 [SECURITY] [DLA 3299-1] node-qs security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230908-0005/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T04:29:01.569Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-24999\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-29T13:56:22.823843Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1321\", \"description\": \"CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-29T13:56:38.410Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/expressjs/express/releases/tag/4.17.3\"}, {\"url\": \"https://github.com/ljharb/qs/pull/428\"}, {\"url\": \"https://github.com/n8tz/CVE-2022-24999\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/01/msg00039.html\", \"name\": \"[debian-lts-announce] 20230130 [SECURITY] [DLA 3299-1] node-qs security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230908-0005/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b\u0026a[__proto__]\u0026a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has \\\"deps: qs@6.9.7\\\" in its release description, is not vulnerable).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-09-08T16:06:42.462Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-24999\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-29T13:56:42.673Z\", \"dateReserved\": \"2022-02-14T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2022-11-26T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2023:0930
Vulnerability from csaf_redhat - Published: 2023-03-08 15:35 - Updated: 2026-04-30 13:12Summary
Red Hat Security Advisory: Logging Subsystem 5.5.8 - Red Hat OpenShift
Severity
Moderate
Notes
Topic: Logging Subsystem 5.5.8 - Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Logging Subsystem 5.5.8 - Red Hat OpenShift
Security Fix(es):
* express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4c19d67d3c3f58b6050971dbc1ca850d72bbc6fef857be4f69a6db8a9a19e3ef_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:628c5faced7d608e3727326cc9d47b6cb1081181c9881736705b346f20c6dce4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:c66c39c2e4df1c15daa82119fbfa3c16d67b0e730ca39db675b69c6a93fa6c5b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:e6d7f327bdd8973037fdee50f91c12731ecb39c26dc20a164551e4396f56c218_arm64 | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:37b6ad91114effd11b2701ccb89955bc53e124f48f16c84ffa0762e650203074_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:04d9b4e5635da41abb5abc5cab94ba8adc9ef974f0f2a8d0bd75aae8c4faf077_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:308bf7bffef3c969bb8d2bf02d516bf50a90f56fc700ae97d41bf3083ddc4f53_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:7333f1d60445adac0776fa4362ac2c5212faafe26d15da1e5f9b8fd3908cdf74_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:fef2924d6f8df4c405b474cd3d438ce8252f259c3803aeca37b6f994ceba3f5f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:f6af35418dc282c51902b462c03a6fe62d38d0ec83b9fd7c95cee754377b24af_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:0599ae2e322dafeef0293ccb97feb4a0a7778575143a6dda3a06bdb490f179e3_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a06d622a0e554353edbe29e46075f6ff383cb5bb008cd21521a0f3b4834a264a_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:d7575d0b9379fe3c69b0b8ea76bfd497dc2767acdd6f7c35550be08cc474fb29_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fd1a319ecd675325f297dcb670f83ae809d82beddc10f99649b7fed05b32b3eb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:05e660bed7bf8c3bb0c0cec2f377f1cd7da6a2619fd51d89b13afc839e6e34ad_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:1f72b33596d3a4fa61843ecfa59b70f68042df7c7fb8f367ac7d1983d19877da_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:6c2fce66b366d763f3a9c5242eba1604e19be44be45547748aab969d50559dec_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:71273bfac1b8d72f81e863681f329b2c834ac3b9b7797cccbf6ffb23efad8b0f_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:08808e86c1c4a6f1e64800760b3ea3b93d90a3215de920fddcadb7a5b29fb82e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:3776dde25b75ec53b1172d175dcf00a8856e2fb97a9971047202b5cc0efb51be_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:ac76f4d5a07431295a760ea4892f8c6704de1a4d9959ea79568abd33c6f16550_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:f4565e374f73d72f720e571742ba6598ab4499fa0cca17cf3fa3078d0b9a6f37_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:378d1d80a68f0c18800706a1d35e7808e7215914e8ae19890e35d4387481c078_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:48b65412b9d438362cfa492eeca2130f87997e22630668ff2b1b1c5a831ebe6e_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:b12aaab8e5ef6ec47539183283161348f314d05f56de672d34a6df576da905c8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:0181f1dc2089fd0bd3ab9f22ea399a1750c6e5657bacefc4226ac3ea59debd44_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:0e831cf4a68dcb115710ae1996043ea2ce22849e55bc214e0bafb616fe8ed497_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:6b503da1639b35cab5ff76bd8058026875a9b2a0c6fc0b6df62c1fefe016345a_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:c440a0e7ce359b7c7649c7522540689c831c48f51407594a6bf4b0776ff3d104_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:7857d67e9f47c9caba32bd73271fcbfafd00047ea97956f065a39ba8782d44a3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:7eb9000152182b004c4dddf1d5bd90eab32f5d11eac80670710a660c35dfa105_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:a40fd7ced648e328d9e122ea1239816e26744a2289b560c636461a737f814199_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:eaa0831f379fbe5d0263113dad7b0d6c13b117d43126ac489d253338f881b6c8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:3a0993b049b4556d2011abfdb05bd61cfe6855b4ca444ee992fe58e25b31581f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:ce5bd75e7e188877599222ac77ab7093fec0409cebd2bc379744830861d82ebf_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d46966247189f43bf33cc82b937a59cdfcf10504ff8050119385bf63e7d81e34_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:f94785be16f1a0ce3fc41a081dfd8925c51290ae9206a101bdb98a051209c69c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:28a7b04ec5810ec7b7dcd3c233edb96ca324905e82ecabdadf551e616b7da05c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:72e0218c73cd271d6aeb395a25f5ea7956daeae7c635fc04c7e6d27c2eb5e181_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:9169b406ff5e87edbe9243a568638bcc8d342ca685186bce6f6964cf5fa8785f_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:f6ec36b684176d59d688b3f2beb22caaaa7cf1781161d9f9c76c106ac56f9d46_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:287c2fdcf4be7c80d4ebf4bce0ac3ea1762ab35ca674f74db088c3f61ac232c1_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:950aab49aafd6a97d5ed498ceee95f600462062f197a45d0020456133c7773c1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:951a8f3db7b38894f8276375bbb5bd5651652b4c550c27dea6140efe40026d2f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:c1bab2bb325a89d3e4fc339f95442a823d952596f80e9e756778d00982ff4e65_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:2791b01acab311ef2386228772751c7702e1139e6db26f76be190ab3e79a3d38_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:56d66398e41804fbebe5ba0ba78d9d32c5d0b22d4962e0cd9de7648adc78e7d5_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:7914c3a644a934a1d24a2ba2e9362b3b932a427ff02854a71b5075ee3b653cef_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:839dacd7f0ca3405440741d2c575ca4cfe6e4307e34f4669eca938edd176c25d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:c21acce895095222da9bd3bc1885b8baa70f77aed5cb88d902fd164f54975578_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:01a25a9b81000a99b3c473d9f2a93c27a7a6f8919d062bc615f78f9f7deb1024_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:096033a45f20be6e319cc35e9ac567b47371de3242c8cbaf3c9b474da1ed9d0f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:6b3400f180c5a5ef95b5f5a933b8bfb0ef570c554985d700e4e10bbf876dd192_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:6f01a9f6e2390138b673feadd1cebd2a88e0149436093389b6a177bc0bc20e71_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:2e02678af3c1fae869742bae38403aa676ccdbec6fce43720be3c33399bfe965_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:950220a88d151970a183d276589f846bc209d302e6de5fb7fe05cb9718597326_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:9ae4b704b6326b14892f560168b2d5ce29f615360aab537b939c2ef00ef0933c_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:e11def073dcc8448c4c0f8bbb2c8f8a6b309a4199990d2c98a6b4092d2cf8d80_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:21ee0003cd6ac6035cbb9d88cf9f524681080b1198c687c49055d6cbec6ce0a6_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:25d0bb74c765fe7a5255da943a39121daac2dd93240efa932ed52fce0860101b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:56367c67b0be8e48f47ce1c30be92d1c9dd2bf123c7247a4852ce3a7e6c37795_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:f5bcf8df21f81154708c975272975fb5bc3f29764eccf6c39c79f1aede39fbe2_arm64 | — |
Threats
Impact
Moderate
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
5.3 (Medium)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:05e660bed7bf8c3bb0c0cec2f377f1cd7da6a2619fd51d89b13afc839e6e34ad_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:1f72b33596d3a4fa61843ecfa59b70f68042df7c7fb8f367ac7d1983d19877da_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:6c2fce66b366d763f3a9c5242eba1604e19be44be45547748aab969d50559dec_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:71273bfac1b8d72f81e863681f329b2c834ac3b9b7797cccbf6ffb23efad8b0f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:378d1d80a68f0c18800706a1d35e7808e7215914e8ae19890e35d4387481c078_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:48b65412b9d438362cfa492eeca2130f87997e22630668ff2b1b1c5a831ebe6e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:b12aaab8e5ef6ec47539183283161348f314d05f56de672d34a6df576da905c8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:287c2fdcf4be7c80d4ebf4bce0ac3ea1762ab35ca674f74db088c3f61ac232c1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:950aab49aafd6a97d5ed498ceee95f600462062f197a45d0020456133c7773c1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:951a8f3db7b38894f8276375bbb5bd5651652b4c550c27dea6140efe40026d2f_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:c1bab2bb325a89d3e4fc339f95442a823d952596f80e9e756778d00982ff4e65_arm64 | — |
Vendor Fix
fix
|
Known not affected
51 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:37b6ad91114effd11b2701ccb89955bc53e124f48f16c84ffa0762e650203074_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:04d9b4e5635da41abb5abc5cab94ba8adc9ef974f0f2a8d0bd75aae8c4faf077_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:308bf7bffef3c969bb8d2bf02d516bf50a90f56fc700ae97d41bf3083ddc4f53_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:7333f1d60445adac0776fa4362ac2c5212faafe26d15da1e5f9b8fd3908cdf74_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:fef2924d6f8df4c405b474cd3d438ce8252f259c3803aeca37b6f994ceba3f5f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:f6af35418dc282c51902b462c03a6fe62d38d0ec83b9fd7c95cee754377b24af_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:0599ae2e322dafeef0293ccb97feb4a0a7778575143a6dda3a06bdb490f179e3_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a06d622a0e554353edbe29e46075f6ff383cb5bb008cd21521a0f3b4834a264a_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:d7575d0b9379fe3c69b0b8ea76bfd497dc2767acdd6f7c35550be08cc474fb29_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fd1a319ecd675325f297dcb670f83ae809d82beddc10f99649b7fed05b32b3eb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:08808e86c1c4a6f1e64800760b3ea3b93d90a3215de920fddcadb7a5b29fb82e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:3776dde25b75ec53b1172d175dcf00a8856e2fb97a9971047202b5cc0efb51be_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:ac76f4d5a07431295a760ea4892f8c6704de1a4d9959ea79568abd33c6f16550_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:f4565e374f73d72f720e571742ba6598ab4499fa0cca17cf3fa3078d0b9a6f37_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:0181f1dc2089fd0bd3ab9f22ea399a1750c6e5657bacefc4226ac3ea59debd44_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:0e831cf4a68dcb115710ae1996043ea2ce22849e55bc214e0bafb616fe8ed497_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:6b503da1639b35cab5ff76bd8058026875a9b2a0c6fc0b6df62c1fefe016345a_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:c440a0e7ce359b7c7649c7522540689c831c48f51407594a6bf4b0776ff3d104_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:7857d67e9f47c9caba32bd73271fcbfafd00047ea97956f065a39ba8782d44a3_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:7eb9000152182b004c4dddf1d5bd90eab32f5d11eac80670710a660c35dfa105_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:a40fd7ced648e328d9e122ea1239816e26744a2289b560c636461a737f814199_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:eaa0831f379fbe5d0263113dad7b0d6c13b117d43126ac489d253338f881b6c8_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:3a0993b049b4556d2011abfdb05bd61cfe6855b4ca444ee992fe58e25b31581f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:ce5bd75e7e188877599222ac77ab7093fec0409cebd2bc379744830861d82ebf_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d46966247189f43bf33cc82b937a59cdfcf10504ff8050119385bf63e7d81e34_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:f94785be16f1a0ce3fc41a081dfd8925c51290ae9206a101bdb98a051209c69c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:28a7b04ec5810ec7b7dcd3c233edb96ca324905e82ecabdadf551e616b7da05c_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:72e0218c73cd271d6aeb395a25f5ea7956daeae7c635fc04c7e6d27c2eb5e181_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:9169b406ff5e87edbe9243a568638bcc8d342ca685186bce6f6964cf5fa8785f_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:f6ec36b684176d59d688b3f2beb22caaaa7cf1781161d9f9c76c106ac56f9d46_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4c19d67d3c3f58b6050971dbc1ca850d72bbc6fef857be4f69a6db8a9a19e3ef_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:628c5faced7d608e3727326cc9d47b6cb1081181c9881736705b346f20c6dce4_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:c66c39c2e4df1c15daa82119fbfa3c16d67b0e730ca39db675b69c6a93fa6c5b_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:e6d7f327bdd8973037fdee50f91c12731ecb39c26dc20a164551e4396f56c218_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:2791b01acab311ef2386228772751c7702e1139e6db26f76be190ab3e79a3d38_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:56d66398e41804fbebe5ba0ba78d9d32c5d0b22d4962e0cd9de7648adc78e7d5_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:7914c3a644a934a1d24a2ba2e9362b3b932a427ff02854a71b5075ee3b653cef_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:839dacd7f0ca3405440741d2c575ca4cfe6e4307e34f4669eca938edd176c25d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:c21acce895095222da9bd3bc1885b8baa70f77aed5cb88d902fd164f54975578_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:01a25a9b81000a99b3c473d9f2a93c27a7a6f8919d062bc615f78f9f7deb1024_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:096033a45f20be6e319cc35e9ac567b47371de3242c8cbaf3c9b474da1ed9d0f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:6b3400f180c5a5ef95b5f5a933b8bfb0ef570c554985d700e4e10bbf876dd192_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:6f01a9f6e2390138b673feadd1cebd2a88e0149436093389b6a177bc0bc20e71_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:2e02678af3c1fae869742bae38403aa676ccdbec6fce43720be3c33399bfe965_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:950220a88d151970a183d276589f846bc209d302e6de5fb7fe05cb9718597326_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:9ae4b704b6326b14892f560168b2d5ce29f615360aab537b939c2ef00ef0933c_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:e11def073dcc8448c4c0f8bbb2c8f8a6b309a4199990d2c98a6b4092d2cf8d80_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:21ee0003cd6ac6035cbb9d88cf9f524681080b1198c687c49055d6cbec6ce0a6_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:25d0bb74c765fe7a5255da943a39121daac2dd93240efa932ed52fce0860101b_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:56367c67b0be8e48f47ce1c30be92d1c9dd2bf123c7247a4852ce3a7e6c37795_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:f5bcf8df21f81154708c975272975fb5bc3f29764eccf6c39c79f1aede39fbe2_arm64 | — |
Threats
Impact
Moderate
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Logging Subsystem 5.5.8 - Red Hat OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Logging Subsystem 5.5.8 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0930",
"url": "https://access.redhat.com/errata/RHSA-2023:0930"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "LOG-3630",
"url": "https://issues.redhat.com/browse/LOG-3630"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0930.json"
}
],
"title": "Red Hat Security Advisory: Logging Subsystem 5.5.8 - Red Hat OpenShift",
"tracking": {
"current_release_date": "2026-04-30T13:12:30+00:00",
"generator": {
"date": "2026-04-30T13:12:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2023:0930",
"initial_release_date": "2023-03-08T15:35:11+00:00",
"revision_history": [
{
"date": "2023-03-08T15:35:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-08T15:35:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:12:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOL 5.5 for RHEL 8",
"product": {
"name": "RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:5.5::el8"
}
}
}
],
"category": "product_family",
"name": "logging for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:308bf7bffef3c969bb8d2bf02d516bf50a90f56fc700ae97d41bf3083ddc4f53_ppc64le",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:308bf7bffef3c969bb8d2bf02d516bf50a90f56fc700ae97d41bf3083ddc4f53_ppc64le",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:308bf7bffef3c969bb8d2bf02d516bf50a90f56fc700ae97d41bf3083ddc4f53_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:308bf7bffef3c969bb8d2bf02d516bf50a90f56fc700ae97d41bf3083ddc4f53?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.5.8-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6c2fce66b366d763f3a9c5242eba1604e19be44be45547748aab969d50559dec_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6c2fce66b366d763f3a9c5242eba1604e19be44be45547748aab969d50559dec_ppc64le",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:6c2fce66b366d763f3a9c5242eba1604e19be44be45547748aab969d50559dec_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:6c2fce66b366d763f3a9c5242eba1604e19be44be45547748aab969d50559dec?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.5.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:d7575d0b9379fe3c69b0b8ea76bfd497dc2767acdd6f7c35550be08cc474fb29_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:d7575d0b9379fe3c69b0b8ea76bfd497dc2767acdd6f7c35550be08cc474fb29_ppc64le",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:d7575d0b9379fe3c69b0b8ea76bfd497dc2767acdd6f7c35550be08cc474fb29_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:d7575d0b9379fe3c69b0b8ea76bfd497dc2767acdd6f7c35550be08cc474fb29?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-341"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:f94785be16f1a0ce3fc41a081dfd8925c51290ae9206a101bdb98a051209c69c_ppc64le",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:f94785be16f1a0ce3fc41a081dfd8925c51290ae9206a101bdb98a051209c69c_ppc64le",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:f94785be16f1a0ce3fc41a081dfd8925c51290ae9206a101bdb98a051209c69c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:f94785be16f1a0ce3fc41a081dfd8925c51290ae9206a101bdb98a051209c69c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-106"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:28a7b04ec5810ec7b7dcd3c233edb96ca324905e82ecabdadf551e616b7da05c_ppc64le",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:28a7b04ec5810ec7b7dcd3c233edb96ca324905e82ecabdadf551e616b7da05c_ppc64le",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:28a7b04ec5810ec7b7dcd3c233edb96ca324905e82ecabdadf551e616b7da05c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:28a7b04ec5810ec7b7dcd3c233edb96ca324905e82ecabdadf551e616b7da05c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-307"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:3776dde25b75ec53b1172d175dcf00a8856e2fb97a9971047202b5cc0efb51be_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:3776dde25b75ec53b1172d175dcf00a8856e2fb97a9971047202b5cc0efb51be_ppc64le",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:3776dde25b75ec53b1172d175dcf00a8856e2fb97a9971047202b5cc0efb51be_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:3776dde25b75ec53b1172d175dcf00a8856e2fb97a9971047202b5cc0efb51be?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-299"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-93"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:c440a0e7ce359b7c7649c7522540689c831c48f51407594a6bf4b0776ff3d104_ppc64le",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:c440a0e7ce359b7c7649c7522540689c831c48f51407594a6bf4b0776ff3d104_ppc64le",
"product_id": "openshift-logging/fluentd-rhel8@sha256:c440a0e7ce359b7c7649c7522540689c831c48f51407594a6bf4b0776ff3d104_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:c440a0e7ce359b7c7649c7522540689c831c48f51407594a6bf4b0776ff3d104?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-89"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:7857d67e9f47c9caba32bd73271fcbfafd00047ea97956f065a39ba8782d44a3_ppc64le",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:7857d67e9f47c9caba32bd73271fcbfafd00047ea97956f065a39ba8782d44a3_ppc64le",
"product_id": "openshift-logging/kibana6-rhel8@sha256:7857d67e9f47c9caba32bd73271fcbfafd00047ea97956f065a39ba8782d44a3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:7857d67e9f47c9caba32bd73271fcbfafd00047ea97956f065a39ba8782d44a3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-336"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:951a8f3db7b38894f8276375bbb5bd5651652b4c550c27dea6140efe40026d2f_ppc64le",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:951a8f3db7b38894f8276375bbb5bd5651652b4c550c27dea6140efe40026d2f_ppc64le",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:951a8f3db7b38894f8276375bbb5bd5651652b4c550c27dea6140efe40026d2f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:951a8f3db7b38894f8276375bbb5bd5651652b4c550c27dea6140efe40026d2f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.6.1-29"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:21ee0003cd6ac6035cbb9d88cf9f524681080b1198c687c49055d6cbec6ce0a6_ppc64le",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:21ee0003cd6ac6035cbb9d88cf9f524681080b1198c687c49055d6cbec6ce0a6_ppc64le",
"product_id": "openshift-logging/vector-rhel8@sha256:21ee0003cd6ac6035cbb9d88cf9f524681080b1198c687c49055d6cbec6ce0a6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:21ee0003cd6ac6035cbb9d88cf9f524681080b1198c687c49055d6cbec6ce0a6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-58"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:c66c39c2e4df1c15daa82119fbfa3c16d67b0e730ca39db675b69c6a93fa6c5b_ppc64le",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:c66c39c2e4df1c15daa82119fbfa3c16d67b0e730ca39db675b69c6a93fa6c5b_ppc64le",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:c66c39c2e4df1c15daa82119fbfa3c16d67b0e730ca39db675b69c6a93fa6c5b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:c66c39c2e4df1c15daa82119fbfa3c16d67b0e730ca39db675b69c6a93fa6c5b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.5.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:839dacd7f0ca3405440741d2c575ca4cfe6e4307e34f4669eca938edd176c25d_ppc64le",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:839dacd7f0ca3405440741d2c575ca4cfe6e4307e34f4669eca938edd176c25d_ppc64le",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:839dacd7f0ca3405440741d2c575ca4cfe6e4307e34f4669eca938edd176c25d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:839dacd7f0ca3405440741d2c575ca4cfe6e4307e34f4669eca938edd176c25d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.5.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:6f01a9f6e2390138b673feadd1cebd2a88e0149436093389b6a177bc0bc20e71_ppc64le",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:6f01a9f6e2390138b673feadd1cebd2a88e0149436093389b6a177bc0bc20e71_ppc64le",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:6f01a9f6e2390138b673feadd1cebd2a88e0149436093389b6a177bc0bc20e71_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:6f01a9f6e2390138b673feadd1cebd2a88e0149436093389b6a177bc0bc20e71?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-161"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:e11def073dcc8448c4c0f8bbb2c8f8a6b309a4199990d2c98a6b4092d2cf8d80_ppc64le",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:e11def073dcc8448c4c0f8bbb2c8f8a6b309a4199990d2c98a6b4092d2cf8d80_ppc64le",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:e11def073dcc8448c4c0f8bbb2c8f8a6b309a4199990d2c98a6b4092d2cf8d80_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:e11def073dcc8448c4c0f8bbb2c8f8a6b309a4199990d2c98a6b4092d2cf8d80?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-51"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:fef2924d6f8df4c405b474cd3d438ce8252f259c3803aeca37b6f994ceba3f5f_arm64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:fef2924d6f8df4c405b474cd3d438ce8252f259c3803aeca37b6f994ceba3f5f_arm64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:fef2924d6f8df4c405b474cd3d438ce8252f259c3803aeca37b6f994ceba3f5f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:fef2924d6f8df4c405b474cd3d438ce8252f259c3803aeca37b6f994ceba3f5f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.5.8-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:05e660bed7bf8c3bb0c0cec2f377f1cd7da6a2619fd51d89b13afc839e6e34ad_arm64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:05e660bed7bf8c3bb0c0cec2f377f1cd7da6a2619fd51d89b13afc839e6e34ad_arm64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:05e660bed7bf8c3bb0c0cec2f377f1cd7da6a2619fd51d89b13afc839e6e34ad_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:05e660bed7bf8c3bb0c0cec2f377f1cd7da6a2619fd51d89b13afc839e6e34ad?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.5.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:0599ae2e322dafeef0293ccb97feb4a0a7778575143a6dda3a06bdb490f179e3_arm64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:0599ae2e322dafeef0293ccb97feb4a0a7778575143a6dda3a06bdb490f179e3_arm64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:0599ae2e322dafeef0293ccb97feb4a0a7778575143a6dda3a06bdb490f179e3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:0599ae2e322dafeef0293ccb97feb4a0a7778575143a6dda3a06bdb490f179e3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-341"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:3a0993b049b4556d2011abfdb05bd61cfe6855b4ca444ee992fe58e25b31581f_arm64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:3a0993b049b4556d2011abfdb05bd61cfe6855b4ca444ee992fe58e25b31581f_arm64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:3a0993b049b4556d2011abfdb05bd61cfe6855b4ca444ee992fe58e25b31581f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:3a0993b049b4556d2011abfdb05bd61cfe6855b4ca444ee992fe58e25b31581f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-106"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:72e0218c73cd271d6aeb395a25f5ea7956daeae7c635fc04c7e6d27c2eb5e181_arm64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:72e0218c73cd271d6aeb395a25f5ea7956daeae7c635fc04c7e6d27c2eb5e181_arm64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:72e0218c73cd271d6aeb395a25f5ea7956daeae7c635fc04c7e6d27c2eb5e181_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:72e0218c73cd271d6aeb395a25f5ea7956daeae7c635fc04c7e6d27c2eb5e181?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-307"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:ac76f4d5a07431295a760ea4892f8c6704de1a4d9959ea79568abd33c6f16550_arm64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:ac76f4d5a07431295a760ea4892f8c6704de1a4d9959ea79568abd33c6f16550_arm64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:ac76f4d5a07431295a760ea4892f8c6704de1a4d9959ea79568abd33c6f16550_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:ac76f4d5a07431295a760ea4892f8c6704de1a4d9959ea79568abd33c6f16550?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-299"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:48b65412b9d438362cfa492eeca2130f87997e22630668ff2b1b1c5a831ebe6e_arm64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:48b65412b9d438362cfa492eeca2130f87997e22630668ff2b1b1c5a831ebe6e_arm64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:48b65412b9d438362cfa492eeca2130f87997e22630668ff2b1b1c5a831ebe6e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:48b65412b9d438362cfa492eeca2130f87997e22630668ff2b1b1c5a831ebe6e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-93"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:0e831cf4a68dcb115710ae1996043ea2ce22849e55bc214e0bafb616fe8ed497_arm64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:0e831cf4a68dcb115710ae1996043ea2ce22849e55bc214e0bafb616fe8ed497_arm64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:0e831cf4a68dcb115710ae1996043ea2ce22849e55bc214e0bafb616fe8ed497_arm64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:0e831cf4a68dcb115710ae1996043ea2ce22849e55bc214e0bafb616fe8ed497?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-89"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:a40fd7ced648e328d9e122ea1239816e26744a2289b560c636461a737f814199_arm64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:a40fd7ced648e328d9e122ea1239816e26744a2289b560c636461a737f814199_arm64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:a40fd7ced648e328d9e122ea1239816e26744a2289b560c636461a737f814199_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:a40fd7ced648e328d9e122ea1239816e26744a2289b560c636461a737f814199?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-336"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:c1bab2bb325a89d3e4fc339f95442a823d952596f80e9e756778d00982ff4e65_arm64",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:c1bab2bb325a89d3e4fc339f95442a823d952596f80e9e756778d00982ff4e65_arm64",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:c1bab2bb325a89d3e4fc339f95442a823d952596f80e9e756778d00982ff4e65_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:c1bab2bb325a89d3e4fc339f95442a823d952596f80e9e756778d00982ff4e65?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.6.1-29"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:f5bcf8df21f81154708c975272975fb5bc3f29764eccf6c39c79f1aede39fbe2_arm64",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:f5bcf8df21f81154708c975272975fb5bc3f29764eccf6c39c79f1aede39fbe2_arm64",
"product_id": "openshift-logging/vector-rhel8@sha256:f5bcf8df21f81154708c975272975fb5bc3f29764eccf6c39c79f1aede39fbe2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:f5bcf8df21f81154708c975272975fb5bc3f29764eccf6c39c79f1aede39fbe2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-58"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:e6d7f327bdd8973037fdee50f91c12731ecb39c26dc20a164551e4396f56c218_arm64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:e6d7f327bdd8973037fdee50f91c12731ecb39c26dc20a164551e4396f56c218_arm64",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:e6d7f327bdd8973037fdee50f91c12731ecb39c26dc20a164551e4396f56c218_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:e6d7f327bdd8973037fdee50f91c12731ecb39c26dc20a164551e4396f56c218?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.5.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:c21acce895095222da9bd3bc1885b8baa70f77aed5cb88d902fd164f54975578_arm64",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:c21acce895095222da9bd3bc1885b8baa70f77aed5cb88d902fd164f54975578_arm64",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:c21acce895095222da9bd3bc1885b8baa70f77aed5cb88d902fd164f54975578_arm64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:c21acce895095222da9bd3bc1885b8baa70f77aed5cb88d902fd164f54975578?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.5.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:01a25a9b81000a99b3c473d9f2a93c27a7a6f8919d062bc615f78f9f7deb1024_arm64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:01a25a9b81000a99b3c473d9f2a93c27a7a6f8919d062bc615f78f9f7deb1024_arm64",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:01a25a9b81000a99b3c473d9f2a93c27a7a6f8919d062bc615f78f9f7deb1024_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:01a25a9b81000a99b3c473d9f2a93c27a7a6f8919d062bc615f78f9f7deb1024?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-161"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:9ae4b704b6326b14892f560168b2d5ce29f615360aab537b939c2ef00ef0933c_arm64",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:9ae4b704b6326b14892f560168b2d5ce29f615360aab537b939c2ef00ef0933c_arm64",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:9ae4b704b6326b14892f560168b2d5ce29f615360aab537b939c2ef00ef0933c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:9ae4b704b6326b14892f560168b2d5ce29f615360aab537b939c2ef00ef0933c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-51"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:04d9b4e5635da41abb5abc5cab94ba8adc9ef974f0f2a8d0bd75aae8c4faf077_amd64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:04d9b4e5635da41abb5abc5cab94ba8adc9ef974f0f2a8d0bd75aae8c4faf077_amd64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:04d9b4e5635da41abb5abc5cab94ba8adc9ef974f0f2a8d0bd75aae8c4faf077_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:04d9b4e5635da41abb5abc5cab94ba8adc9ef974f0f2a8d0bd75aae8c4faf077?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.5.8-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:37b6ad91114effd11b2701ccb89955bc53e124f48f16c84ffa0762e650203074_amd64",
"product": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:37b6ad91114effd11b2701ccb89955bc53e124f48f16c84ffa0762e650203074_amd64",
"product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:37b6ad91114effd11b2701ccb89955bc53e124f48f16c84ffa0762e650203074_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256:37b6ad91114effd11b2701ccb89955bc53e124f48f16c84ffa0762e650203074?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.5.8-29"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:71273bfac1b8d72f81e863681f329b2c834ac3b9b7797cccbf6ffb23efad8b0f_amd64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:71273bfac1b8d72f81e863681f329b2c834ac3b9b7797cccbf6ffb23efad8b0f_amd64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:71273bfac1b8d72f81e863681f329b2c834ac3b9b7797cccbf6ffb23efad8b0f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:71273bfac1b8d72f81e863681f329b2c834ac3b9b7797cccbf6ffb23efad8b0f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.5.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:f6af35418dc282c51902b462c03a6fe62d38d0ec83b9fd7c95cee754377b24af_amd64",
"product": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:f6af35418dc282c51902b462c03a6fe62d38d0ec83b9fd7c95cee754377b24af_amd64",
"product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:f6af35418dc282c51902b462c03a6fe62d38d0ec83b9fd7c95cee754377b24af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-operator-bundle@sha256:f6af35418dc282c51902b462c03a6fe62d38d0ec83b9fd7c95cee754377b24af?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.5.8-38"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a06d622a0e554353edbe29e46075f6ff383cb5bb008cd21521a0f3b4834a264a_amd64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a06d622a0e554353edbe29e46075f6ff383cb5bb008cd21521a0f3b4834a264a_amd64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a06d622a0e554353edbe29e46075f6ff383cb5bb008cd21521a0f3b4834a264a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:a06d622a0e554353edbe29e46075f6ff383cb5bb008cd21521a0f3b4834a264a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-341"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d46966247189f43bf33cc82b937a59cdfcf10504ff8050119385bf63e7d81e34_amd64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d46966247189f43bf33cc82b937a59cdfcf10504ff8050119385bf63e7d81e34_amd64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d46966247189f43bf33cc82b937a59cdfcf10504ff8050119385bf63e7d81e34_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:d46966247189f43bf33cc82b937a59cdfcf10504ff8050119385bf63e7d81e34?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-106"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:9169b406ff5e87edbe9243a568638bcc8d342ca685186bce6f6964cf5fa8785f_amd64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:9169b406ff5e87edbe9243a568638bcc8d342ca685186bce6f6964cf5fa8785f_amd64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:9169b406ff5e87edbe9243a568638bcc8d342ca685186bce6f6964cf5fa8785f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:9169b406ff5e87edbe9243a568638bcc8d342ca685186bce6f6964cf5fa8785f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-307"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:f4565e374f73d72f720e571742ba6598ab4499fa0cca17cf3fa3078d0b9a6f37_amd64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:f4565e374f73d72f720e571742ba6598ab4499fa0cca17cf3fa3078d0b9a6f37_amd64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:f4565e374f73d72f720e571742ba6598ab4499fa0cca17cf3fa3078d0b9a6f37_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:f4565e374f73d72f720e571742ba6598ab4499fa0cca17cf3fa3078d0b9a6f37?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-299"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:b12aaab8e5ef6ec47539183283161348f314d05f56de672d34a6df576da905c8_amd64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:b12aaab8e5ef6ec47539183283161348f314d05f56de672d34a6df576da905c8_amd64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:b12aaab8e5ef6ec47539183283161348f314d05f56de672d34a6df576da905c8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:b12aaab8e5ef6ec47539183283161348f314d05f56de672d34a6df576da905c8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-93"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:0181f1dc2089fd0bd3ab9f22ea399a1750c6e5657bacefc4226ac3ea59debd44_amd64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:0181f1dc2089fd0bd3ab9f22ea399a1750c6e5657bacefc4226ac3ea59debd44_amd64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:0181f1dc2089fd0bd3ab9f22ea399a1750c6e5657bacefc4226ac3ea59debd44_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:0181f1dc2089fd0bd3ab9f22ea399a1750c6e5657bacefc4226ac3ea59debd44?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-89"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:eaa0831f379fbe5d0263113dad7b0d6c13b117d43126ac489d253338f881b6c8_amd64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:eaa0831f379fbe5d0263113dad7b0d6c13b117d43126ac489d253338f881b6c8_amd64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:eaa0831f379fbe5d0263113dad7b0d6c13b117d43126ac489d253338f881b6c8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:eaa0831f379fbe5d0263113dad7b0d6c13b117d43126ac489d253338f881b6c8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-336"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:287c2fdcf4be7c80d4ebf4bce0ac3ea1762ab35ca674f74db088c3f61ac232c1_amd64",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:287c2fdcf4be7c80d4ebf4bce0ac3ea1762ab35ca674f74db088c3f61ac232c1_amd64",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:287c2fdcf4be7c80d4ebf4bce0ac3ea1762ab35ca674f74db088c3f61ac232c1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:287c2fdcf4be7c80d4ebf4bce0ac3ea1762ab35ca674f74db088c3f61ac232c1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.6.1-29"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:25d0bb74c765fe7a5255da943a39121daac2dd93240efa932ed52fce0860101b_amd64",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:25d0bb74c765fe7a5255da943a39121daac2dd93240efa932ed52fce0860101b_amd64",
"product_id": "openshift-logging/vector-rhel8@sha256:25d0bb74c765fe7a5255da943a39121daac2dd93240efa932ed52fce0860101b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:25d0bb74c765fe7a5255da943a39121daac2dd93240efa932ed52fce0860101b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-58"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:4c19d67d3c3f58b6050971dbc1ca850d72bbc6fef857be4f69a6db8a9a19e3ef_amd64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:4c19d67d3c3f58b6050971dbc1ca850d72bbc6fef857be4f69a6db8a9a19e3ef_amd64",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:4c19d67d3c3f58b6050971dbc1ca850d72bbc6fef857be4f69a6db8a9a19e3ef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:4c19d67d3c3f58b6050971dbc1ca850d72bbc6fef857be4f69a6db8a9a19e3ef?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.5.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-operator-bundle@sha256:2791b01acab311ef2386228772751c7702e1139e6db26f76be190ab3e79a3d38_amd64",
"product": {
"name": "openshift-logging/loki-operator-bundle@sha256:2791b01acab311ef2386228772751c7702e1139e6db26f76be190ab3e79a3d38_amd64",
"product_id": "openshift-logging/loki-operator-bundle@sha256:2791b01acab311ef2386228772751c7702e1139e6db26f76be190ab3e79a3d38_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-operator-bundle@sha256:2791b01acab311ef2386228772751c7702e1139e6db26f76be190ab3e79a3d38?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.5.8-44"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:56d66398e41804fbebe5ba0ba78d9d32c5d0b22d4962e0cd9de7648adc78e7d5_amd64",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:56d66398e41804fbebe5ba0ba78d9d32c5d0b22d4962e0cd9de7648adc78e7d5_amd64",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:56d66398e41804fbebe5ba0ba78d9d32c5d0b22d4962e0cd9de7648adc78e7d5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:56d66398e41804fbebe5ba0ba78d9d32c5d0b22d4962e0cd9de7648adc78e7d5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.5.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:6b3400f180c5a5ef95b5f5a933b8bfb0ef570c554985d700e4e10bbf876dd192_amd64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:6b3400f180c5a5ef95b5f5a933b8bfb0ef570c554985d700e4e10bbf876dd192_amd64",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:6b3400f180c5a5ef95b5f5a933b8bfb0ef570c554985d700e4e10bbf876dd192_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:6b3400f180c5a5ef95b5f5a933b8bfb0ef570c554985d700e4e10bbf876dd192?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-161"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:2e02678af3c1fae869742bae38403aa676ccdbec6fce43720be3c33399bfe965_amd64",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:2e02678af3c1fae869742bae38403aa676ccdbec6fce43720be3c33399bfe965_amd64",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:2e02678af3c1fae869742bae38403aa676ccdbec6fce43720be3c33399bfe965_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:2e02678af3c1fae869742bae38403aa676ccdbec6fce43720be3c33399bfe965?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-51"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:7333f1d60445adac0776fa4362ac2c5212faafe26d15da1e5f9b8fd3908cdf74_s390x",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:7333f1d60445adac0776fa4362ac2c5212faafe26d15da1e5f9b8fd3908cdf74_s390x",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:7333f1d60445adac0776fa4362ac2c5212faafe26d15da1e5f9b8fd3908cdf74_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:7333f1d60445adac0776fa4362ac2c5212faafe26d15da1e5f9b8fd3908cdf74?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.5.8-4"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:1f72b33596d3a4fa61843ecfa59b70f68042df7c7fb8f367ac7d1983d19877da_s390x",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:1f72b33596d3a4fa61843ecfa59b70f68042df7c7fb8f367ac7d1983d19877da_s390x",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:1f72b33596d3a4fa61843ecfa59b70f68042df7c7fb8f367ac7d1983d19877da_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:1f72b33596d3a4fa61843ecfa59b70f68042df7c7fb8f367ac7d1983d19877da?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.5.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fd1a319ecd675325f297dcb670f83ae809d82beddc10f99649b7fed05b32b3eb_s390x",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fd1a319ecd675325f297dcb670f83ae809d82beddc10f99649b7fed05b32b3eb_s390x",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fd1a319ecd675325f297dcb670f83ae809d82beddc10f99649b7fed05b32b3eb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:fd1a319ecd675325f297dcb670f83ae809d82beddc10f99649b7fed05b32b3eb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-341"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ce5bd75e7e188877599222ac77ab7093fec0409cebd2bc379744830861d82ebf_s390x",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ce5bd75e7e188877599222ac77ab7093fec0409cebd2bc379744830861d82ebf_s390x",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ce5bd75e7e188877599222ac77ab7093fec0409cebd2bc379744830861d82ebf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:ce5bd75e7e188877599222ac77ab7093fec0409cebd2bc379744830861d82ebf?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-106"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:f6ec36b684176d59d688b3f2beb22caaaa7cf1781161d9f9c76c106ac56f9d46_s390x",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:f6ec36b684176d59d688b3f2beb22caaaa7cf1781161d9f9c76c106ac56f9d46_s390x",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:f6ec36b684176d59d688b3f2beb22caaaa7cf1781161d9f9c76c106ac56f9d46_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:f6ec36b684176d59d688b3f2beb22caaaa7cf1781161d9f9c76c106ac56f9d46?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-307"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:08808e86c1c4a6f1e64800760b3ea3b93d90a3215de920fddcadb7a5b29fb82e_s390x",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:08808e86c1c4a6f1e64800760b3ea3b93d90a3215de920fddcadb7a5b29fb82e_s390x",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:08808e86c1c4a6f1e64800760b3ea3b93d90a3215de920fddcadb7a5b29fb82e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:08808e86c1c4a6f1e64800760b3ea3b93d90a3215de920fddcadb7a5b29fb82e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-299"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:378d1d80a68f0c18800706a1d35e7808e7215914e8ae19890e35d4387481c078_s390x",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:378d1d80a68f0c18800706a1d35e7808e7215914e8ae19890e35d4387481c078_s390x",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:378d1d80a68f0c18800706a1d35e7808e7215914e8ae19890e35d4387481c078_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:378d1d80a68f0c18800706a1d35e7808e7215914e8ae19890e35d4387481c078?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-93"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:6b503da1639b35cab5ff76bd8058026875a9b2a0c6fc0b6df62c1fefe016345a_s390x",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:6b503da1639b35cab5ff76bd8058026875a9b2a0c6fc0b6df62c1fefe016345a_s390x",
"product_id": "openshift-logging/fluentd-rhel8@sha256:6b503da1639b35cab5ff76bd8058026875a9b2a0c6fc0b6df62c1fefe016345a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:6b503da1639b35cab5ff76bd8058026875a9b2a0c6fc0b6df62c1fefe016345a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-89"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:7eb9000152182b004c4dddf1d5bd90eab32f5d11eac80670710a660c35dfa105_s390x",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:7eb9000152182b004c4dddf1d5bd90eab32f5d11eac80670710a660c35dfa105_s390x",
"product_id": "openshift-logging/kibana6-rhel8@sha256:7eb9000152182b004c4dddf1d5bd90eab32f5d11eac80670710a660c35dfa105_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:7eb9000152182b004c4dddf1d5bd90eab32f5d11eac80670710a660c35dfa105?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-336"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:950aab49aafd6a97d5ed498ceee95f600462062f197a45d0020456133c7773c1_s390x",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:950aab49aafd6a97d5ed498ceee95f600462062f197a45d0020456133c7773c1_s390x",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:950aab49aafd6a97d5ed498ceee95f600462062f197a45d0020456133c7773c1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:950aab49aafd6a97d5ed498ceee95f600462062f197a45d0020456133c7773c1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.6.1-29"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:56367c67b0be8e48f47ce1c30be92d1c9dd2bf123c7247a4852ce3a7e6c37795_s390x",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:56367c67b0be8e48f47ce1c30be92d1c9dd2bf123c7247a4852ce3a7e6c37795_s390x",
"product_id": "openshift-logging/vector-rhel8@sha256:56367c67b0be8e48f47ce1c30be92d1c9dd2bf123c7247a4852ce3a7e6c37795_s390x",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:56367c67b0be8e48f47ce1c30be92d1c9dd2bf123c7247a4852ce3a7e6c37795?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-58"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:628c5faced7d608e3727326cc9d47b6cb1081181c9881736705b346f20c6dce4_s390x",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:628c5faced7d608e3727326cc9d47b6cb1081181c9881736705b346f20c6dce4_s390x",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:628c5faced7d608e3727326cc9d47b6cb1081181c9881736705b346f20c6dce4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:628c5faced7d608e3727326cc9d47b6cb1081181c9881736705b346f20c6dce4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.5.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:7914c3a644a934a1d24a2ba2e9362b3b932a427ff02854a71b5075ee3b653cef_s390x",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:7914c3a644a934a1d24a2ba2e9362b3b932a427ff02854a71b5075ee3b653cef_s390x",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:7914c3a644a934a1d24a2ba2e9362b3b932a427ff02854a71b5075ee3b653cef_s390x",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:7914c3a644a934a1d24a2ba2e9362b3b932a427ff02854a71b5075ee3b653cef?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.5.8-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:096033a45f20be6e319cc35e9ac567b47371de3242c8cbaf3c9b474da1ed9d0f_s390x",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:096033a45f20be6e319cc35e9ac567b47371de3242c8cbaf3c9b474da1ed9d0f_s390x",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:096033a45f20be6e319cc35e9ac567b47371de3242c8cbaf3c9b474da1ed9d0f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:096033a45f20be6e319cc35e9ac567b47371de3242c8cbaf3c9b474da1ed9d0f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-161"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:950220a88d151970a183d276589f846bc209d302e6de5fb7fe05cb9718597326_s390x",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:950220a88d151970a183d276589f846bc209d302e6de5fb7fe05cb9718597326_s390x",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:950220a88d151970a183d276589f846bc209d302e6de5fb7fe05cb9718597326_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:950220a88d151970a183d276589f846bc209d302e6de5fb7fe05cb9718597326?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-51"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:37b6ad91114effd11b2701ccb89955bc53e124f48f16c84ffa0762e650203074_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:37b6ad91114effd11b2701ccb89955bc53e124f48f16c84ffa0762e650203074_amd64"
},
"product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:37b6ad91114effd11b2701ccb89955bc53e124f48f16c84ffa0762e650203074_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:04d9b4e5635da41abb5abc5cab94ba8adc9ef974f0f2a8d0bd75aae8c4faf077_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:04d9b4e5635da41abb5abc5cab94ba8adc9ef974f0f2a8d0bd75aae8c4faf077_amd64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:04d9b4e5635da41abb5abc5cab94ba8adc9ef974f0f2a8d0bd75aae8c4faf077_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:308bf7bffef3c969bb8d2bf02d516bf50a90f56fc700ae97d41bf3083ddc4f53_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:308bf7bffef3c969bb8d2bf02d516bf50a90f56fc700ae97d41bf3083ddc4f53_ppc64le"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:308bf7bffef3c969bb8d2bf02d516bf50a90f56fc700ae97d41bf3083ddc4f53_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:7333f1d60445adac0776fa4362ac2c5212faafe26d15da1e5f9b8fd3908cdf74_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:7333f1d60445adac0776fa4362ac2c5212faafe26d15da1e5f9b8fd3908cdf74_s390x"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:7333f1d60445adac0776fa4362ac2c5212faafe26d15da1e5f9b8fd3908cdf74_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:fef2924d6f8df4c405b474cd3d438ce8252f259c3803aeca37b6f994ceba3f5f_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:fef2924d6f8df4c405b474cd3d438ce8252f259c3803aeca37b6f994ceba3f5f_arm64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:fef2924d6f8df4c405b474cd3d438ce8252f259c3803aeca37b6f994ceba3f5f_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:f6af35418dc282c51902b462c03a6fe62d38d0ec83b9fd7c95cee754377b24af_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:f6af35418dc282c51902b462c03a6fe62d38d0ec83b9fd7c95cee754377b24af_amd64"
},
"product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:f6af35418dc282c51902b462c03a6fe62d38d0ec83b9fd7c95cee754377b24af_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:0599ae2e322dafeef0293ccb97feb4a0a7778575143a6dda3a06bdb490f179e3_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:0599ae2e322dafeef0293ccb97feb4a0a7778575143a6dda3a06bdb490f179e3_arm64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:0599ae2e322dafeef0293ccb97feb4a0a7778575143a6dda3a06bdb490f179e3_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a06d622a0e554353edbe29e46075f6ff383cb5bb008cd21521a0f3b4834a264a_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a06d622a0e554353edbe29e46075f6ff383cb5bb008cd21521a0f3b4834a264a_amd64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a06d622a0e554353edbe29e46075f6ff383cb5bb008cd21521a0f3b4834a264a_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:d7575d0b9379fe3c69b0b8ea76bfd497dc2767acdd6f7c35550be08cc474fb29_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:d7575d0b9379fe3c69b0b8ea76bfd497dc2767acdd6f7c35550be08cc474fb29_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:d7575d0b9379fe3c69b0b8ea76bfd497dc2767acdd6f7c35550be08cc474fb29_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fd1a319ecd675325f297dcb670f83ae809d82beddc10f99649b7fed05b32b3eb_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fd1a319ecd675325f297dcb670f83ae809d82beddc10f99649b7fed05b32b3eb_s390x"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:fd1a319ecd675325f297dcb670f83ae809d82beddc10f99649b7fed05b32b3eb_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:05e660bed7bf8c3bb0c0cec2f377f1cd7da6a2619fd51d89b13afc839e6e34ad_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:05e660bed7bf8c3bb0c0cec2f377f1cd7da6a2619fd51d89b13afc839e6e34ad_arm64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:05e660bed7bf8c3bb0c0cec2f377f1cd7da6a2619fd51d89b13afc839e6e34ad_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:1f72b33596d3a4fa61843ecfa59b70f68042df7c7fb8f367ac7d1983d19877da_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:1f72b33596d3a4fa61843ecfa59b70f68042df7c7fb8f367ac7d1983d19877da_s390x"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:1f72b33596d3a4fa61843ecfa59b70f68042df7c7fb8f367ac7d1983d19877da_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:6c2fce66b366d763f3a9c5242eba1604e19be44be45547748aab969d50559dec_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:6c2fce66b366d763f3a9c5242eba1604e19be44be45547748aab969d50559dec_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:6c2fce66b366d763f3a9c5242eba1604e19be44be45547748aab969d50559dec_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:71273bfac1b8d72f81e863681f329b2c834ac3b9b7797cccbf6ffb23efad8b0f_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:71273bfac1b8d72f81e863681f329b2c834ac3b9b7797cccbf6ffb23efad8b0f_amd64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:71273bfac1b8d72f81e863681f329b2c834ac3b9b7797cccbf6ffb23efad8b0f_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:08808e86c1c4a6f1e64800760b3ea3b93d90a3215de920fddcadb7a5b29fb82e_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:08808e86c1c4a6f1e64800760b3ea3b93d90a3215de920fddcadb7a5b29fb82e_s390x"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:08808e86c1c4a6f1e64800760b3ea3b93d90a3215de920fddcadb7a5b29fb82e_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:3776dde25b75ec53b1172d175dcf00a8856e2fb97a9971047202b5cc0efb51be_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:3776dde25b75ec53b1172d175dcf00a8856e2fb97a9971047202b5cc0efb51be_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:3776dde25b75ec53b1172d175dcf00a8856e2fb97a9971047202b5cc0efb51be_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:ac76f4d5a07431295a760ea4892f8c6704de1a4d9959ea79568abd33c6f16550_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:ac76f4d5a07431295a760ea4892f8c6704de1a4d9959ea79568abd33c6f16550_arm64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:ac76f4d5a07431295a760ea4892f8c6704de1a4d9959ea79568abd33c6f16550_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:f4565e374f73d72f720e571742ba6598ab4499fa0cca17cf3fa3078d0b9a6f37_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:f4565e374f73d72f720e571742ba6598ab4499fa0cca17cf3fa3078d0b9a6f37_amd64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:f4565e374f73d72f720e571742ba6598ab4499fa0cca17cf3fa3078d0b9a6f37_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:378d1d80a68f0c18800706a1d35e7808e7215914e8ae19890e35d4387481c078_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:378d1d80a68f0c18800706a1d35e7808e7215914e8ae19890e35d4387481c078_s390x"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:378d1d80a68f0c18800706a1d35e7808e7215914e8ae19890e35d4387481c078_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:48b65412b9d438362cfa492eeca2130f87997e22630668ff2b1b1c5a831ebe6e_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:48b65412b9d438362cfa492eeca2130f87997e22630668ff2b1b1c5a831ebe6e_arm64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:48b65412b9d438362cfa492eeca2130f87997e22630668ff2b1b1c5a831ebe6e_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:b12aaab8e5ef6ec47539183283161348f314d05f56de672d34a6df576da905c8_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:b12aaab8e5ef6ec47539183283161348f314d05f56de672d34a6df576da905c8_amd64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:b12aaab8e5ef6ec47539183283161348f314d05f56de672d34a6df576da905c8_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:0181f1dc2089fd0bd3ab9f22ea399a1750c6e5657bacefc4226ac3ea59debd44_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:0181f1dc2089fd0bd3ab9f22ea399a1750c6e5657bacefc4226ac3ea59debd44_amd64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:0181f1dc2089fd0bd3ab9f22ea399a1750c6e5657bacefc4226ac3ea59debd44_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:0e831cf4a68dcb115710ae1996043ea2ce22849e55bc214e0bafb616fe8ed497_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:0e831cf4a68dcb115710ae1996043ea2ce22849e55bc214e0bafb616fe8ed497_arm64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:0e831cf4a68dcb115710ae1996043ea2ce22849e55bc214e0bafb616fe8ed497_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:6b503da1639b35cab5ff76bd8058026875a9b2a0c6fc0b6df62c1fefe016345a_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:6b503da1639b35cab5ff76bd8058026875a9b2a0c6fc0b6df62c1fefe016345a_s390x"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:6b503da1639b35cab5ff76bd8058026875a9b2a0c6fc0b6df62c1fefe016345a_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:c440a0e7ce359b7c7649c7522540689c831c48f51407594a6bf4b0776ff3d104_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:c440a0e7ce359b7c7649c7522540689c831c48f51407594a6bf4b0776ff3d104_ppc64le"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:c440a0e7ce359b7c7649c7522540689c831c48f51407594a6bf4b0776ff3d104_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:7857d67e9f47c9caba32bd73271fcbfafd00047ea97956f065a39ba8782d44a3_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:7857d67e9f47c9caba32bd73271fcbfafd00047ea97956f065a39ba8782d44a3_ppc64le"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:7857d67e9f47c9caba32bd73271fcbfafd00047ea97956f065a39ba8782d44a3_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:7eb9000152182b004c4dddf1d5bd90eab32f5d11eac80670710a660c35dfa105_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:7eb9000152182b004c4dddf1d5bd90eab32f5d11eac80670710a660c35dfa105_s390x"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:7eb9000152182b004c4dddf1d5bd90eab32f5d11eac80670710a660c35dfa105_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:a40fd7ced648e328d9e122ea1239816e26744a2289b560c636461a737f814199_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:a40fd7ced648e328d9e122ea1239816e26744a2289b560c636461a737f814199_arm64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:a40fd7ced648e328d9e122ea1239816e26744a2289b560c636461a737f814199_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:eaa0831f379fbe5d0263113dad7b0d6c13b117d43126ac489d253338f881b6c8_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:eaa0831f379fbe5d0263113dad7b0d6c13b117d43126ac489d253338f881b6c8_amd64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:eaa0831f379fbe5d0263113dad7b0d6c13b117d43126ac489d253338f881b6c8_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:3a0993b049b4556d2011abfdb05bd61cfe6855b4ca444ee992fe58e25b31581f_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:3a0993b049b4556d2011abfdb05bd61cfe6855b4ca444ee992fe58e25b31581f_arm64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:3a0993b049b4556d2011abfdb05bd61cfe6855b4ca444ee992fe58e25b31581f_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ce5bd75e7e188877599222ac77ab7093fec0409cebd2bc379744830861d82ebf_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:ce5bd75e7e188877599222ac77ab7093fec0409cebd2bc379744830861d82ebf_s390x"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ce5bd75e7e188877599222ac77ab7093fec0409cebd2bc379744830861d82ebf_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d46966247189f43bf33cc82b937a59cdfcf10504ff8050119385bf63e7d81e34_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d46966247189f43bf33cc82b937a59cdfcf10504ff8050119385bf63e7d81e34_amd64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:d46966247189f43bf33cc82b937a59cdfcf10504ff8050119385bf63e7d81e34_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:f94785be16f1a0ce3fc41a081dfd8925c51290ae9206a101bdb98a051209c69c_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:f94785be16f1a0ce3fc41a081dfd8925c51290ae9206a101bdb98a051209c69c_ppc64le"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:f94785be16f1a0ce3fc41a081dfd8925c51290ae9206a101bdb98a051209c69c_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:28a7b04ec5810ec7b7dcd3c233edb96ca324905e82ecabdadf551e616b7da05c_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:28a7b04ec5810ec7b7dcd3c233edb96ca324905e82ecabdadf551e616b7da05c_ppc64le"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:28a7b04ec5810ec7b7dcd3c233edb96ca324905e82ecabdadf551e616b7da05c_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:72e0218c73cd271d6aeb395a25f5ea7956daeae7c635fc04c7e6d27c2eb5e181_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:72e0218c73cd271d6aeb395a25f5ea7956daeae7c635fc04c7e6d27c2eb5e181_arm64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:72e0218c73cd271d6aeb395a25f5ea7956daeae7c635fc04c7e6d27c2eb5e181_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:9169b406ff5e87edbe9243a568638bcc8d342ca685186bce6f6964cf5fa8785f_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:9169b406ff5e87edbe9243a568638bcc8d342ca685186bce6f6964cf5fa8785f_amd64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:9169b406ff5e87edbe9243a568638bcc8d342ca685186bce6f6964cf5fa8785f_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:f6ec36b684176d59d688b3f2beb22caaaa7cf1781161d9f9c76c106ac56f9d46_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:f6ec36b684176d59d688b3f2beb22caaaa7cf1781161d9f9c76c106ac56f9d46_s390x"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:f6ec36b684176d59d688b3f2beb22caaaa7cf1781161d9f9c76c106ac56f9d46_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:287c2fdcf4be7c80d4ebf4bce0ac3ea1762ab35ca674f74db088c3f61ac232c1_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:287c2fdcf4be7c80d4ebf4bce0ac3ea1762ab35ca674f74db088c3f61ac232c1_amd64"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:287c2fdcf4be7c80d4ebf4bce0ac3ea1762ab35ca674f74db088c3f61ac232c1_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:950aab49aafd6a97d5ed498ceee95f600462062f197a45d0020456133c7773c1_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:950aab49aafd6a97d5ed498ceee95f600462062f197a45d0020456133c7773c1_s390x"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:950aab49aafd6a97d5ed498ceee95f600462062f197a45d0020456133c7773c1_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:951a8f3db7b38894f8276375bbb5bd5651652b4c550c27dea6140efe40026d2f_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:951a8f3db7b38894f8276375bbb5bd5651652b4c550c27dea6140efe40026d2f_ppc64le"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:951a8f3db7b38894f8276375bbb5bd5651652b4c550c27dea6140efe40026d2f_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:c1bab2bb325a89d3e4fc339f95442a823d952596f80e9e756778d00982ff4e65_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:c1bab2bb325a89d3e4fc339f95442a823d952596f80e9e756778d00982ff4e65_arm64"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:c1bab2bb325a89d3e4fc339f95442a823d952596f80e9e756778d00982ff4e65_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:4c19d67d3c3f58b6050971dbc1ca850d72bbc6fef857be4f69a6db8a9a19e3ef_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4c19d67d3c3f58b6050971dbc1ca850d72bbc6fef857be4f69a6db8a9a19e3ef_amd64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:4c19d67d3c3f58b6050971dbc1ca850d72bbc6fef857be4f69a6db8a9a19e3ef_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:628c5faced7d608e3727326cc9d47b6cb1081181c9881736705b346f20c6dce4_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:628c5faced7d608e3727326cc9d47b6cb1081181c9881736705b346f20c6dce4_s390x"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:628c5faced7d608e3727326cc9d47b6cb1081181c9881736705b346f20c6dce4_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:c66c39c2e4df1c15daa82119fbfa3c16d67b0e730ca39db675b69c6a93fa6c5b_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:c66c39c2e4df1c15daa82119fbfa3c16d67b0e730ca39db675b69c6a93fa6c5b_ppc64le"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:c66c39c2e4df1c15daa82119fbfa3c16d67b0e730ca39db675b69c6a93fa6c5b_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:e6d7f327bdd8973037fdee50f91c12731ecb39c26dc20a164551e4396f56c218_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:e6d7f327bdd8973037fdee50f91c12731ecb39c26dc20a164551e4396f56c218_arm64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:e6d7f327bdd8973037fdee50f91c12731ecb39c26dc20a164551e4396f56c218_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-operator-bundle@sha256:2791b01acab311ef2386228772751c7702e1139e6db26f76be190ab3e79a3d38_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:2791b01acab311ef2386228772751c7702e1139e6db26f76be190ab3e79a3d38_amd64"
},
"product_reference": "openshift-logging/loki-operator-bundle@sha256:2791b01acab311ef2386228772751c7702e1139e6db26f76be190ab3e79a3d38_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:56d66398e41804fbebe5ba0ba78d9d32c5d0b22d4962e0cd9de7648adc78e7d5_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:56d66398e41804fbebe5ba0ba78d9d32c5d0b22d4962e0cd9de7648adc78e7d5_amd64"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:56d66398e41804fbebe5ba0ba78d9d32c5d0b22d4962e0cd9de7648adc78e7d5_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:7914c3a644a934a1d24a2ba2e9362b3b932a427ff02854a71b5075ee3b653cef_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:7914c3a644a934a1d24a2ba2e9362b3b932a427ff02854a71b5075ee3b653cef_s390x"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:7914c3a644a934a1d24a2ba2e9362b3b932a427ff02854a71b5075ee3b653cef_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:839dacd7f0ca3405440741d2c575ca4cfe6e4307e34f4669eca938edd176c25d_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:839dacd7f0ca3405440741d2c575ca4cfe6e4307e34f4669eca938edd176c25d_ppc64le"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:839dacd7f0ca3405440741d2c575ca4cfe6e4307e34f4669eca938edd176c25d_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:c21acce895095222da9bd3bc1885b8baa70f77aed5cb88d902fd164f54975578_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:c21acce895095222da9bd3bc1885b8baa70f77aed5cb88d902fd164f54975578_arm64"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:c21acce895095222da9bd3bc1885b8baa70f77aed5cb88d902fd164f54975578_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:01a25a9b81000a99b3c473d9f2a93c27a7a6f8919d062bc615f78f9f7deb1024_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:01a25a9b81000a99b3c473d9f2a93c27a7a6f8919d062bc615f78f9f7deb1024_arm64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:01a25a9b81000a99b3c473d9f2a93c27a7a6f8919d062bc615f78f9f7deb1024_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:096033a45f20be6e319cc35e9ac567b47371de3242c8cbaf3c9b474da1ed9d0f_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:096033a45f20be6e319cc35e9ac567b47371de3242c8cbaf3c9b474da1ed9d0f_s390x"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:096033a45f20be6e319cc35e9ac567b47371de3242c8cbaf3c9b474da1ed9d0f_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:6b3400f180c5a5ef95b5f5a933b8bfb0ef570c554985d700e4e10bbf876dd192_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:6b3400f180c5a5ef95b5f5a933b8bfb0ef570c554985d700e4e10bbf876dd192_amd64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:6b3400f180c5a5ef95b5f5a933b8bfb0ef570c554985d700e4e10bbf876dd192_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:6f01a9f6e2390138b673feadd1cebd2a88e0149436093389b6a177bc0bc20e71_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:6f01a9f6e2390138b673feadd1cebd2a88e0149436093389b6a177bc0bc20e71_ppc64le"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:6f01a9f6e2390138b673feadd1cebd2a88e0149436093389b6a177bc0bc20e71_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:2e02678af3c1fae869742bae38403aa676ccdbec6fce43720be3c33399bfe965_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:2e02678af3c1fae869742bae38403aa676ccdbec6fce43720be3c33399bfe965_amd64"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:2e02678af3c1fae869742bae38403aa676ccdbec6fce43720be3c33399bfe965_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:950220a88d151970a183d276589f846bc209d302e6de5fb7fe05cb9718597326_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:950220a88d151970a183d276589f846bc209d302e6de5fb7fe05cb9718597326_s390x"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:950220a88d151970a183d276589f846bc209d302e6de5fb7fe05cb9718597326_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:9ae4b704b6326b14892f560168b2d5ce29f615360aab537b939c2ef00ef0933c_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:9ae4b704b6326b14892f560168b2d5ce29f615360aab537b939c2ef00ef0933c_arm64"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:9ae4b704b6326b14892f560168b2d5ce29f615360aab537b939c2ef00ef0933c_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:e11def073dcc8448c4c0f8bbb2c8f8a6b309a4199990d2c98a6b4092d2cf8d80_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:e11def073dcc8448c4c0f8bbb2c8f8a6b309a4199990d2c98a6b4092d2cf8d80_ppc64le"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:e11def073dcc8448c4c0f8bbb2c8f8a6b309a4199990d2c98a6b4092d2cf8d80_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:21ee0003cd6ac6035cbb9d88cf9f524681080b1198c687c49055d6cbec6ce0a6_ppc64le as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:21ee0003cd6ac6035cbb9d88cf9f524681080b1198c687c49055d6cbec6ce0a6_ppc64le"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:21ee0003cd6ac6035cbb9d88cf9f524681080b1198c687c49055d6cbec6ce0a6_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:25d0bb74c765fe7a5255da943a39121daac2dd93240efa932ed52fce0860101b_amd64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:25d0bb74c765fe7a5255da943a39121daac2dd93240efa932ed52fce0860101b_amd64"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:25d0bb74c765fe7a5255da943a39121daac2dd93240efa932ed52fce0860101b_amd64",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:56367c67b0be8e48f47ce1c30be92d1c9dd2bf123c7247a4852ce3a7e6c37795_s390x as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:56367c67b0be8e48f47ce1c30be92d1c9dd2bf123c7247a4852ce3a7e6c37795_s390x"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:56367c67b0be8e48f47ce1c30be92d1c9dd2bf123c7247a4852ce3a7e6c37795_s390x",
"relates_to_product_reference": "8Base-RHOL-5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:f5bcf8df21f81154708c975272975fb5bc3f29764eccf6c39c79f1aede39fbe2_arm64 as a component of RHOL 5.5 for RHEL 8",
"product_id": "8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:f5bcf8df21f81154708c975272975fb5bc3f29764eccf6c39c79f1aede39fbe2_arm64"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:f5bcf8df21f81154708c975272975fb5bc3f29764eccf6c39c79f1aede39fbe2_arm64",
"relates_to_product_reference": "8Base-RHOL-5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-12-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:37b6ad91114effd11b2701ccb89955bc53e124f48f16c84ffa0762e650203074_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:04d9b4e5635da41abb5abc5cab94ba8adc9ef974f0f2a8d0bd75aae8c4faf077_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:308bf7bffef3c969bb8d2bf02d516bf50a90f56fc700ae97d41bf3083ddc4f53_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:7333f1d60445adac0776fa4362ac2c5212faafe26d15da1e5f9b8fd3908cdf74_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:fef2924d6f8df4c405b474cd3d438ce8252f259c3803aeca37b6f994ceba3f5f_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:f6af35418dc282c51902b462c03a6fe62d38d0ec83b9fd7c95cee754377b24af_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:0599ae2e322dafeef0293ccb97feb4a0a7778575143a6dda3a06bdb490f179e3_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a06d622a0e554353edbe29e46075f6ff383cb5bb008cd21521a0f3b4834a264a_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:d7575d0b9379fe3c69b0b8ea76bfd497dc2767acdd6f7c35550be08cc474fb29_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fd1a319ecd675325f297dcb670f83ae809d82beddc10f99649b7fed05b32b3eb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:05e660bed7bf8c3bb0c0cec2f377f1cd7da6a2619fd51d89b13afc839e6e34ad_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:1f72b33596d3a4fa61843ecfa59b70f68042df7c7fb8f367ac7d1983d19877da_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:6c2fce66b366d763f3a9c5242eba1604e19be44be45547748aab969d50559dec_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:71273bfac1b8d72f81e863681f329b2c834ac3b9b7797cccbf6ffb23efad8b0f_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:08808e86c1c4a6f1e64800760b3ea3b93d90a3215de920fddcadb7a5b29fb82e_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:3776dde25b75ec53b1172d175dcf00a8856e2fb97a9971047202b5cc0efb51be_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:ac76f4d5a07431295a760ea4892f8c6704de1a4d9959ea79568abd33c6f16550_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:f4565e374f73d72f720e571742ba6598ab4499fa0cca17cf3fa3078d0b9a6f37_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:378d1d80a68f0c18800706a1d35e7808e7215914e8ae19890e35d4387481c078_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:48b65412b9d438362cfa492eeca2130f87997e22630668ff2b1b1c5a831ebe6e_arm64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:b12aaab8e5ef6ec47539183283161348f314d05f56de672d34a6df576da905c8_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:0181f1dc2089fd0bd3ab9f22ea399a1750c6e5657bacefc4226ac3ea59debd44_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:0e831cf4a68dcb115710ae1996043ea2ce22849e55bc214e0bafb616fe8ed497_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:6b503da1639b35cab5ff76bd8058026875a9b2a0c6fc0b6df62c1fefe016345a_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:c440a0e7ce359b7c7649c7522540689c831c48f51407594a6bf4b0776ff3d104_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:7857d67e9f47c9caba32bd73271fcbfafd00047ea97956f065a39ba8782d44a3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:7eb9000152182b004c4dddf1d5bd90eab32f5d11eac80670710a660c35dfa105_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:a40fd7ced648e328d9e122ea1239816e26744a2289b560c636461a737f814199_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:eaa0831f379fbe5d0263113dad7b0d6c13b117d43126ac489d253338f881b6c8_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:3a0993b049b4556d2011abfdb05bd61cfe6855b4ca444ee992fe58e25b31581f_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:ce5bd75e7e188877599222ac77ab7093fec0409cebd2bc379744830861d82ebf_s390x",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d46966247189f43bf33cc82b937a59cdfcf10504ff8050119385bf63e7d81e34_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:f94785be16f1a0ce3fc41a081dfd8925c51290ae9206a101bdb98a051209c69c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:28a7b04ec5810ec7b7dcd3c233edb96ca324905e82ecabdadf551e616b7da05c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:72e0218c73cd271d6aeb395a25f5ea7956daeae7c635fc04c7e6d27c2eb5e181_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:9169b406ff5e87edbe9243a568638bcc8d342ca685186bce6f6964cf5fa8785f_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:f6ec36b684176d59d688b3f2beb22caaaa7cf1781161d9f9c76c106ac56f9d46_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:287c2fdcf4be7c80d4ebf4bce0ac3ea1762ab35ca674f74db088c3f61ac232c1_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:950aab49aafd6a97d5ed498ceee95f600462062f197a45d0020456133c7773c1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:951a8f3db7b38894f8276375bbb5bd5651652b4c550c27dea6140efe40026d2f_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:c1bab2bb325a89d3e4fc339f95442a823d952596f80e9e756778d00982ff4e65_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:2791b01acab311ef2386228772751c7702e1139e6db26f76be190ab3e79a3d38_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:56d66398e41804fbebe5ba0ba78d9d32c5d0b22d4962e0cd9de7648adc78e7d5_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:7914c3a644a934a1d24a2ba2e9362b3b932a427ff02854a71b5075ee3b653cef_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:839dacd7f0ca3405440741d2c575ca4cfe6e4307e34f4669eca938edd176c25d_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:c21acce895095222da9bd3bc1885b8baa70f77aed5cb88d902fd164f54975578_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:01a25a9b81000a99b3c473d9f2a93c27a7a6f8919d062bc615f78f9f7deb1024_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:096033a45f20be6e319cc35e9ac567b47371de3242c8cbaf3c9b474da1ed9d0f_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:6b3400f180c5a5ef95b5f5a933b8bfb0ef570c554985d700e4e10bbf876dd192_amd64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:6f01a9f6e2390138b673feadd1cebd2a88e0149436093389b6a177bc0bc20e71_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:2e02678af3c1fae869742bae38403aa676ccdbec6fce43720be3c33399bfe965_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:950220a88d151970a183d276589f846bc209d302e6de5fb7fe05cb9718597326_s390x",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:9ae4b704b6326b14892f560168b2d5ce29f615360aab537b939c2ef00ef0933c_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:e11def073dcc8448c4c0f8bbb2c8f8a6b309a4199990d2c98a6b4092d2cf8d80_ppc64le",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:21ee0003cd6ac6035cbb9d88cf9f524681080b1198c687c49055d6cbec6ce0a6_ppc64le",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:25d0bb74c765fe7a5255da943a39121daac2dd93240efa932ed52fce0860101b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:56367c67b0be8e48f47ce1c30be92d1c9dd2bf123c7247a4852ce3a7e6c37795_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:f5bcf8df21f81154708c975272975fb5bc3f29764eccf6c39c79f1aede39fbe2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150323"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: \"qs\" prototype poisoning causes the hang of the node process",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4c19d67d3c3f58b6050971dbc1ca850d72bbc6fef857be4f69a6db8a9a19e3ef_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:628c5faced7d608e3727326cc9d47b6cb1081181c9881736705b346f20c6dce4_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:c66c39c2e4df1c15daa82119fbfa3c16d67b0e730ca39db675b69c6a93fa6c5b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:e6d7f327bdd8973037fdee50f91c12731ecb39c26dc20a164551e4396f56c218_arm64"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:37b6ad91114effd11b2701ccb89955bc53e124f48f16c84ffa0762e650203074_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:04d9b4e5635da41abb5abc5cab94ba8adc9ef974f0f2a8d0bd75aae8c4faf077_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:308bf7bffef3c969bb8d2bf02d516bf50a90f56fc700ae97d41bf3083ddc4f53_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:7333f1d60445adac0776fa4362ac2c5212faafe26d15da1e5f9b8fd3908cdf74_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:fef2924d6f8df4c405b474cd3d438ce8252f259c3803aeca37b6f994ceba3f5f_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:f6af35418dc282c51902b462c03a6fe62d38d0ec83b9fd7c95cee754377b24af_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:0599ae2e322dafeef0293ccb97feb4a0a7778575143a6dda3a06bdb490f179e3_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a06d622a0e554353edbe29e46075f6ff383cb5bb008cd21521a0f3b4834a264a_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:d7575d0b9379fe3c69b0b8ea76bfd497dc2767acdd6f7c35550be08cc474fb29_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fd1a319ecd675325f297dcb670f83ae809d82beddc10f99649b7fed05b32b3eb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:05e660bed7bf8c3bb0c0cec2f377f1cd7da6a2619fd51d89b13afc839e6e34ad_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:1f72b33596d3a4fa61843ecfa59b70f68042df7c7fb8f367ac7d1983d19877da_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:6c2fce66b366d763f3a9c5242eba1604e19be44be45547748aab969d50559dec_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:71273bfac1b8d72f81e863681f329b2c834ac3b9b7797cccbf6ffb23efad8b0f_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:08808e86c1c4a6f1e64800760b3ea3b93d90a3215de920fddcadb7a5b29fb82e_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:3776dde25b75ec53b1172d175dcf00a8856e2fb97a9971047202b5cc0efb51be_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:ac76f4d5a07431295a760ea4892f8c6704de1a4d9959ea79568abd33c6f16550_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:f4565e374f73d72f720e571742ba6598ab4499fa0cca17cf3fa3078d0b9a6f37_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:378d1d80a68f0c18800706a1d35e7808e7215914e8ae19890e35d4387481c078_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:48b65412b9d438362cfa492eeca2130f87997e22630668ff2b1b1c5a831ebe6e_arm64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:b12aaab8e5ef6ec47539183283161348f314d05f56de672d34a6df576da905c8_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:0181f1dc2089fd0bd3ab9f22ea399a1750c6e5657bacefc4226ac3ea59debd44_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:0e831cf4a68dcb115710ae1996043ea2ce22849e55bc214e0bafb616fe8ed497_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:6b503da1639b35cab5ff76bd8058026875a9b2a0c6fc0b6df62c1fefe016345a_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:c440a0e7ce359b7c7649c7522540689c831c48f51407594a6bf4b0776ff3d104_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:7857d67e9f47c9caba32bd73271fcbfafd00047ea97956f065a39ba8782d44a3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:7eb9000152182b004c4dddf1d5bd90eab32f5d11eac80670710a660c35dfa105_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:a40fd7ced648e328d9e122ea1239816e26744a2289b560c636461a737f814199_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:eaa0831f379fbe5d0263113dad7b0d6c13b117d43126ac489d253338f881b6c8_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:3a0993b049b4556d2011abfdb05bd61cfe6855b4ca444ee992fe58e25b31581f_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:ce5bd75e7e188877599222ac77ab7093fec0409cebd2bc379744830861d82ebf_s390x",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d46966247189f43bf33cc82b937a59cdfcf10504ff8050119385bf63e7d81e34_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:f94785be16f1a0ce3fc41a081dfd8925c51290ae9206a101bdb98a051209c69c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:28a7b04ec5810ec7b7dcd3c233edb96ca324905e82ecabdadf551e616b7da05c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:72e0218c73cd271d6aeb395a25f5ea7956daeae7c635fc04c7e6d27c2eb5e181_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:9169b406ff5e87edbe9243a568638bcc8d342ca685186bce6f6964cf5fa8785f_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:f6ec36b684176d59d688b3f2beb22caaaa7cf1781161d9f9c76c106ac56f9d46_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:287c2fdcf4be7c80d4ebf4bce0ac3ea1762ab35ca674f74db088c3f61ac232c1_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:950aab49aafd6a97d5ed498ceee95f600462062f197a45d0020456133c7773c1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:951a8f3db7b38894f8276375bbb5bd5651652b4c550c27dea6140efe40026d2f_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:c1bab2bb325a89d3e4fc339f95442a823d952596f80e9e756778d00982ff4e65_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:2791b01acab311ef2386228772751c7702e1139e6db26f76be190ab3e79a3d38_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:56d66398e41804fbebe5ba0ba78d9d32c5d0b22d4962e0cd9de7648adc78e7d5_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:7914c3a644a934a1d24a2ba2e9362b3b932a427ff02854a71b5075ee3b653cef_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:839dacd7f0ca3405440741d2c575ca4cfe6e4307e34f4669eca938edd176c25d_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:c21acce895095222da9bd3bc1885b8baa70f77aed5cb88d902fd164f54975578_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:01a25a9b81000a99b3c473d9f2a93c27a7a6f8919d062bc615f78f9f7deb1024_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:096033a45f20be6e319cc35e9ac567b47371de3242c8cbaf3c9b474da1ed9d0f_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:6b3400f180c5a5ef95b5f5a933b8bfb0ef570c554985d700e4e10bbf876dd192_amd64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:6f01a9f6e2390138b673feadd1cebd2a88e0149436093389b6a177bc0bc20e71_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:2e02678af3c1fae869742bae38403aa676ccdbec6fce43720be3c33399bfe965_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:950220a88d151970a183d276589f846bc209d302e6de5fb7fe05cb9718597326_s390x",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:9ae4b704b6326b14892f560168b2d5ce29f615360aab537b939c2ef00ef0933c_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:e11def073dcc8448c4c0f8bbb2c8f8a6b309a4199990d2c98a6b4092d2cf8d80_ppc64le",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:21ee0003cd6ac6035cbb9d88cf9f524681080b1198c687c49055d6cbec6ce0a6_ppc64le",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:25d0bb74c765fe7a5255da943a39121daac2dd93240efa932ed52fce0860101b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:56367c67b0be8e48f47ce1c30be92d1c9dd2bf123c7247a4852ce3a7e6c37795_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:f5bcf8df21f81154708c975272975fb5bc3f29764eccf6c39c79f1aede39fbe2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24999"
},
{
"category": "external",
"summary": "RHBZ#2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/releases/tag/4.17.3",
"url": "https://github.com/expressjs/express/releases/tag/4.17.3"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/pull/428",
"url": "https://github.com/ljharb/qs/pull/428"
},
{
"category": "external",
"summary": "https://github.com/n8tz/CVE-2022-24999",
"url": "https://github.com/n8tz/CVE-2022-24999"
}
],
"release_date": "2022-11-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-08T15:35:11+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4c19d67d3c3f58b6050971dbc1ca850d72bbc6fef857be4f69a6db8a9a19e3ef_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:628c5faced7d608e3727326cc9d47b6cb1081181c9881736705b346f20c6dce4_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:c66c39c2e4df1c15daa82119fbfa3c16d67b0e730ca39db675b69c6a93fa6c5b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:e6d7f327bdd8973037fdee50f91c12731ecb39c26dc20a164551e4396f56c218_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0930"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:37b6ad91114effd11b2701ccb89955bc53e124f48f16c84ffa0762e650203074_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:04d9b4e5635da41abb5abc5cab94ba8adc9ef974f0f2a8d0bd75aae8c4faf077_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:308bf7bffef3c969bb8d2bf02d516bf50a90f56fc700ae97d41bf3083ddc4f53_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:7333f1d60445adac0776fa4362ac2c5212faafe26d15da1e5f9b8fd3908cdf74_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:fef2924d6f8df4c405b474cd3d438ce8252f259c3803aeca37b6f994ceba3f5f_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:f6af35418dc282c51902b462c03a6fe62d38d0ec83b9fd7c95cee754377b24af_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:0599ae2e322dafeef0293ccb97feb4a0a7778575143a6dda3a06bdb490f179e3_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a06d622a0e554353edbe29e46075f6ff383cb5bb008cd21521a0f3b4834a264a_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:d7575d0b9379fe3c69b0b8ea76bfd497dc2767acdd6f7c35550be08cc474fb29_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fd1a319ecd675325f297dcb670f83ae809d82beddc10f99649b7fed05b32b3eb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:05e660bed7bf8c3bb0c0cec2f377f1cd7da6a2619fd51d89b13afc839e6e34ad_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:1f72b33596d3a4fa61843ecfa59b70f68042df7c7fb8f367ac7d1983d19877da_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:6c2fce66b366d763f3a9c5242eba1604e19be44be45547748aab969d50559dec_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:71273bfac1b8d72f81e863681f329b2c834ac3b9b7797cccbf6ffb23efad8b0f_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:08808e86c1c4a6f1e64800760b3ea3b93d90a3215de920fddcadb7a5b29fb82e_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:3776dde25b75ec53b1172d175dcf00a8856e2fb97a9971047202b5cc0efb51be_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:ac76f4d5a07431295a760ea4892f8c6704de1a4d9959ea79568abd33c6f16550_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:f4565e374f73d72f720e571742ba6598ab4499fa0cca17cf3fa3078d0b9a6f37_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:378d1d80a68f0c18800706a1d35e7808e7215914e8ae19890e35d4387481c078_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:48b65412b9d438362cfa492eeca2130f87997e22630668ff2b1b1c5a831ebe6e_arm64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:b12aaab8e5ef6ec47539183283161348f314d05f56de672d34a6df576da905c8_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:0181f1dc2089fd0bd3ab9f22ea399a1750c6e5657bacefc4226ac3ea59debd44_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:0e831cf4a68dcb115710ae1996043ea2ce22849e55bc214e0bafb616fe8ed497_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:6b503da1639b35cab5ff76bd8058026875a9b2a0c6fc0b6df62c1fefe016345a_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:c440a0e7ce359b7c7649c7522540689c831c48f51407594a6bf4b0776ff3d104_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:7857d67e9f47c9caba32bd73271fcbfafd00047ea97956f065a39ba8782d44a3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:7eb9000152182b004c4dddf1d5bd90eab32f5d11eac80670710a660c35dfa105_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:a40fd7ced648e328d9e122ea1239816e26744a2289b560c636461a737f814199_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:eaa0831f379fbe5d0263113dad7b0d6c13b117d43126ac489d253338f881b6c8_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:3a0993b049b4556d2011abfdb05bd61cfe6855b4ca444ee992fe58e25b31581f_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:ce5bd75e7e188877599222ac77ab7093fec0409cebd2bc379744830861d82ebf_s390x",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d46966247189f43bf33cc82b937a59cdfcf10504ff8050119385bf63e7d81e34_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:f94785be16f1a0ce3fc41a081dfd8925c51290ae9206a101bdb98a051209c69c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:28a7b04ec5810ec7b7dcd3c233edb96ca324905e82ecabdadf551e616b7da05c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:72e0218c73cd271d6aeb395a25f5ea7956daeae7c635fc04c7e6d27c2eb5e181_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:9169b406ff5e87edbe9243a568638bcc8d342ca685186bce6f6964cf5fa8785f_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:f6ec36b684176d59d688b3f2beb22caaaa7cf1781161d9f9c76c106ac56f9d46_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:287c2fdcf4be7c80d4ebf4bce0ac3ea1762ab35ca674f74db088c3f61ac232c1_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:950aab49aafd6a97d5ed498ceee95f600462062f197a45d0020456133c7773c1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:951a8f3db7b38894f8276375bbb5bd5651652b4c550c27dea6140efe40026d2f_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:c1bab2bb325a89d3e4fc339f95442a823d952596f80e9e756778d00982ff4e65_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4c19d67d3c3f58b6050971dbc1ca850d72bbc6fef857be4f69a6db8a9a19e3ef_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:628c5faced7d608e3727326cc9d47b6cb1081181c9881736705b346f20c6dce4_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:c66c39c2e4df1c15daa82119fbfa3c16d67b0e730ca39db675b69c6a93fa6c5b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:e6d7f327bdd8973037fdee50f91c12731ecb39c26dc20a164551e4396f56c218_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:2791b01acab311ef2386228772751c7702e1139e6db26f76be190ab3e79a3d38_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:56d66398e41804fbebe5ba0ba78d9d32c5d0b22d4962e0cd9de7648adc78e7d5_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:7914c3a644a934a1d24a2ba2e9362b3b932a427ff02854a71b5075ee3b653cef_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:839dacd7f0ca3405440741d2c575ca4cfe6e4307e34f4669eca938edd176c25d_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:c21acce895095222da9bd3bc1885b8baa70f77aed5cb88d902fd164f54975578_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:01a25a9b81000a99b3c473d9f2a93c27a7a6f8919d062bc615f78f9f7deb1024_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:096033a45f20be6e319cc35e9ac567b47371de3242c8cbaf3c9b474da1ed9d0f_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:6b3400f180c5a5ef95b5f5a933b8bfb0ef570c554985d700e4e10bbf876dd192_amd64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:6f01a9f6e2390138b673feadd1cebd2a88e0149436093389b6a177bc0bc20e71_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:2e02678af3c1fae869742bae38403aa676ccdbec6fce43720be3c33399bfe965_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:950220a88d151970a183d276589f846bc209d302e6de5fb7fe05cb9718597326_s390x",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:9ae4b704b6326b14892f560168b2d5ce29f615360aab537b939c2ef00ef0933c_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:e11def073dcc8448c4c0f8bbb2c8f8a6b309a4199990d2c98a6b4092d2cf8d80_ppc64le",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:21ee0003cd6ac6035cbb9d88cf9f524681080b1198c687c49055d6cbec6ce0a6_ppc64le",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:25d0bb74c765fe7a5255da943a39121daac2dd93240efa932ed52fce0860101b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:56367c67b0be8e48f47ce1c30be92d1c9dd2bf123c7247a4852ce3a7e6c37795_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:f5bcf8df21f81154708c975272975fb5bc3f29764eccf6c39c79f1aede39fbe2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: \"qs\" prototype poisoning causes the hang of the node process"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:37b6ad91114effd11b2701ccb89955bc53e124f48f16c84ffa0762e650203074_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:04d9b4e5635da41abb5abc5cab94ba8adc9ef974f0f2a8d0bd75aae8c4faf077_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:308bf7bffef3c969bb8d2bf02d516bf50a90f56fc700ae97d41bf3083ddc4f53_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:7333f1d60445adac0776fa4362ac2c5212faafe26d15da1e5f9b8fd3908cdf74_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:fef2924d6f8df4c405b474cd3d438ce8252f259c3803aeca37b6f994ceba3f5f_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:f6af35418dc282c51902b462c03a6fe62d38d0ec83b9fd7c95cee754377b24af_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:0599ae2e322dafeef0293ccb97feb4a0a7778575143a6dda3a06bdb490f179e3_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a06d622a0e554353edbe29e46075f6ff383cb5bb008cd21521a0f3b4834a264a_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:d7575d0b9379fe3c69b0b8ea76bfd497dc2767acdd6f7c35550be08cc474fb29_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fd1a319ecd675325f297dcb670f83ae809d82beddc10f99649b7fed05b32b3eb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:08808e86c1c4a6f1e64800760b3ea3b93d90a3215de920fddcadb7a5b29fb82e_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:3776dde25b75ec53b1172d175dcf00a8856e2fb97a9971047202b5cc0efb51be_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:ac76f4d5a07431295a760ea4892f8c6704de1a4d9959ea79568abd33c6f16550_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:f4565e374f73d72f720e571742ba6598ab4499fa0cca17cf3fa3078d0b9a6f37_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:0181f1dc2089fd0bd3ab9f22ea399a1750c6e5657bacefc4226ac3ea59debd44_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:0e831cf4a68dcb115710ae1996043ea2ce22849e55bc214e0bafb616fe8ed497_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:6b503da1639b35cab5ff76bd8058026875a9b2a0c6fc0b6df62c1fefe016345a_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:c440a0e7ce359b7c7649c7522540689c831c48f51407594a6bf4b0776ff3d104_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:7857d67e9f47c9caba32bd73271fcbfafd00047ea97956f065a39ba8782d44a3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:7eb9000152182b004c4dddf1d5bd90eab32f5d11eac80670710a660c35dfa105_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:a40fd7ced648e328d9e122ea1239816e26744a2289b560c636461a737f814199_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:eaa0831f379fbe5d0263113dad7b0d6c13b117d43126ac489d253338f881b6c8_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:3a0993b049b4556d2011abfdb05bd61cfe6855b4ca444ee992fe58e25b31581f_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:ce5bd75e7e188877599222ac77ab7093fec0409cebd2bc379744830861d82ebf_s390x",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d46966247189f43bf33cc82b937a59cdfcf10504ff8050119385bf63e7d81e34_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:f94785be16f1a0ce3fc41a081dfd8925c51290ae9206a101bdb98a051209c69c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:28a7b04ec5810ec7b7dcd3c233edb96ca324905e82ecabdadf551e616b7da05c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:72e0218c73cd271d6aeb395a25f5ea7956daeae7c635fc04c7e6d27c2eb5e181_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:9169b406ff5e87edbe9243a568638bcc8d342ca685186bce6f6964cf5fa8785f_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:f6ec36b684176d59d688b3f2beb22caaaa7cf1781161d9f9c76c106ac56f9d46_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4c19d67d3c3f58b6050971dbc1ca850d72bbc6fef857be4f69a6db8a9a19e3ef_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:628c5faced7d608e3727326cc9d47b6cb1081181c9881736705b346f20c6dce4_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:c66c39c2e4df1c15daa82119fbfa3c16d67b0e730ca39db675b69c6a93fa6c5b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:e6d7f327bdd8973037fdee50f91c12731ecb39c26dc20a164551e4396f56c218_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:2791b01acab311ef2386228772751c7702e1139e6db26f76be190ab3e79a3d38_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:56d66398e41804fbebe5ba0ba78d9d32c5d0b22d4962e0cd9de7648adc78e7d5_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:7914c3a644a934a1d24a2ba2e9362b3b932a427ff02854a71b5075ee3b653cef_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:839dacd7f0ca3405440741d2c575ca4cfe6e4307e34f4669eca938edd176c25d_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:c21acce895095222da9bd3bc1885b8baa70f77aed5cb88d902fd164f54975578_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:01a25a9b81000a99b3c473d9f2a93c27a7a6f8919d062bc615f78f9f7deb1024_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:096033a45f20be6e319cc35e9ac567b47371de3242c8cbaf3c9b474da1ed9d0f_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:6b3400f180c5a5ef95b5f5a933b8bfb0ef570c554985d700e4e10bbf876dd192_amd64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:6f01a9f6e2390138b673feadd1cebd2a88e0149436093389b6a177bc0bc20e71_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:2e02678af3c1fae869742bae38403aa676ccdbec6fce43720be3c33399bfe965_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:950220a88d151970a183d276589f846bc209d302e6de5fb7fe05cb9718597326_s390x",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:9ae4b704b6326b14892f560168b2d5ce29f615360aab537b939c2ef00ef0933c_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:e11def073dcc8448c4c0f8bbb2c8f8a6b309a4199990d2c98a6b4092d2cf8d80_ppc64le",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:21ee0003cd6ac6035cbb9d88cf9f524681080b1198c687c49055d6cbec6ce0a6_ppc64le",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:25d0bb74c765fe7a5255da943a39121daac2dd93240efa932ed52fce0860101b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:56367c67b0be8e48f47ce1c30be92d1c9dd2bf123c7247a4852ce3a7e6c37795_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:f5bcf8df21f81154708c975272975fb5bc3f29764eccf6c39c79f1aede39fbe2_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:05e660bed7bf8c3bb0c0cec2f377f1cd7da6a2619fd51d89b13afc839e6e34ad_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:1f72b33596d3a4fa61843ecfa59b70f68042df7c7fb8f367ac7d1983d19877da_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:6c2fce66b366d763f3a9c5242eba1604e19be44be45547748aab969d50559dec_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:71273bfac1b8d72f81e863681f329b2c834ac3b9b7797cccbf6ffb23efad8b0f_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:378d1d80a68f0c18800706a1d35e7808e7215914e8ae19890e35d4387481c078_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:48b65412b9d438362cfa492eeca2130f87997e22630668ff2b1b1c5a831ebe6e_arm64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:b12aaab8e5ef6ec47539183283161348f314d05f56de672d34a6df576da905c8_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:287c2fdcf4be7c80d4ebf4bce0ac3ea1762ab35ca674f74db088c3f61ac232c1_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:950aab49aafd6a97d5ed498ceee95f600462062f197a45d0020456133c7773c1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:951a8f3db7b38894f8276375bbb5bd5651652b4c550c27dea6140efe40026d2f_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:c1bab2bb325a89d3e4fc339f95442a823d952596f80e9e756778d00982ff4e65_arm64"
],
"known_not_affected": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:37b6ad91114effd11b2701ccb89955bc53e124f48f16c84ffa0762e650203074_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:04d9b4e5635da41abb5abc5cab94ba8adc9ef974f0f2a8d0bd75aae8c4faf077_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:308bf7bffef3c969bb8d2bf02d516bf50a90f56fc700ae97d41bf3083ddc4f53_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:7333f1d60445adac0776fa4362ac2c5212faafe26d15da1e5f9b8fd3908cdf74_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:fef2924d6f8df4c405b474cd3d438ce8252f259c3803aeca37b6f994ceba3f5f_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:f6af35418dc282c51902b462c03a6fe62d38d0ec83b9fd7c95cee754377b24af_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:0599ae2e322dafeef0293ccb97feb4a0a7778575143a6dda3a06bdb490f179e3_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a06d622a0e554353edbe29e46075f6ff383cb5bb008cd21521a0f3b4834a264a_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:d7575d0b9379fe3c69b0b8ea76bfd497dc2767acdd6f7c35550be08cc474fb29_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fd1a319ecd675325f297dcb670f83ae809d82beddc10f99649b7fed05b32b3eb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:08808e86c1c4a6f1e64800760b3ea3b93d90a3215de920fddcadb7a5b29fb82e_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:3776dde25b75ec53b1172d175dcf00a8856e2fb97a9971047202b5cc0efb51be_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:ac76f4d5a07431295a760ea4892f8c6704de1a4d9959ea79568abd33c6f16550_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:f4565e374f73d72f720e571742ba6598ab4499fa0cca17cf3fa3078d0b9a6f37_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:0181f1dc2089fd0bd3ab9f22ea399a1750c6e5657bacefc4226ac3ea59debd44_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:0e831cf4a68dcb115710ae1996043ea2ce22849e55bc214e0bafb616fe8ed497_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:6b503da1639b35cab5ff76bd8058026875a9b2a0c6fc0b6df62c1fefe016345a_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:c440a0e7ce359b7c7649c7522540689c831c48f51407594a6bf4b0776ff3d104_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:7857d67e9f47c9caba32bd73271fcbfafd00047ea97956f065a39ba8782d44a3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:7eb9000152182b004c4dddf1d5bd90eab32f5d11eac80670710a660c35dfa105_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:a40fd7ced648e328d9e122ea1239816e26744a2289b560c636461a737f814199_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:eaa0831f379fbe5d0263113dad7b0d6c13b117d43126ac489d253338f881b6c8_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:3a0993b049b4556d2011abfdb05bd61cfe6855b4ca444ee992fe58e25b31581f_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:ce5bd75e7e188877599222ac77ab7093fec0409cebd2bc379744830861d82ebf_s390x",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d46966247189f43bf33cc82b937a59cdfcf10504ff8050119385bf63e7d81e34_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:f94785be16f1a0ce3fc41a081dfd8925c51290ae9206a101bdb98a051209c69c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:28a7b04ec5810ec7b7dcd3c233edb96ca324905e82ecabdadf551e616b7da05c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:72e0218c73cd271d6aeb395a25f5ea7956daeae7c635fc04c7e6d27c2eb5e181_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:9169b406ff5e87edbe9243a568638bcc8d342ca685186bce6f6964cf5fa8785f_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:f6ec36b684176d59d688b3f2beb22caaaa7cf1781161d9f9c76c106ac56f9d46_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4c19d67d3c3f58b6050971dbc1ca850d72bbc6fef857be4f69a6db8a9a19e3ef_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:628c5faced7d608e3727326cc9d47b6cb1081181c9881736705b346f20c6dce4_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:c66c39c2e4df1c15daa82119fbfa3c16d67b0e730ca39db675b69c6a93fa6c5b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:e6d7f327bdd8973037fdee50f91c12731ecb39c26dc20a164551e4396f56c218_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:2791b01acab311ef2386228772751c7702e1139e6db26f76be190ab3e79a3d38_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:56d66398e41804fbebe5ba0ba78d9d32c5d0b22d4962e0cd9de7648adc78e7d5_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:7914c3a644a934a1d24a2ba2e9362b3b932a427ff02854a71b5075ee3b653cef_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:839dacd7f0ca3405440741d2c575ca4cfe6e4307e34f4669eca938edd176c25d_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:c21acce895095222da9bd3bc1885b8baa70f77aed5cb88d902fd164f54975578_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:01a25a9b81000a99b3c473d9f2a93c27a7a6f8919d062bc615f78f9f7deb1024_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:096033a45f20be6e319cc35e9ac567b47371de3242c8cbaf3c9b474da1ed9d0f_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:6b3400f180c5a5ef95b5f5a933b8bfb0ef570c554985d700e4e10bbf876dd192_amd64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:6f01a9f6e2390138b673feadd1cebd2a88e0149436093389b6a177bc0bc20e71_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:2e02678af3c1fae869742bae38403aa676ccdbec6fce43720be3c33399bfe965_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:950220a88d151970a183d276589f846bc209d302e6de5fb7fe05cb9718597326_s390x",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:9ae4b704b6326b14892f560168b2d5ce29f615360aab537b939c2ef00ef0933c_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:e11def073dcc8448c4c0f8bbb2c8f8a6b309a4199990d2c98a6b4092d2cf8d80_ppc64le",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:21ee0003cd6ac6035cbb9d88cf9f524681080b1198c687c49055d6cbec6ce0a6_ppc64le",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:25d0bb74c765fe7a5255da943a39121daac2dd93240efa932ed52fce0860101b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:56367c67b0be8e48f47ce1c30be92d1c9dd2bf123c7247a4852ce3a7e6c37795_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:f5bcf8df21f81154708c975272975fb5bc3f29764eccf6c39c79f1aede39fbe2_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-08T15:35:11+00:00",
"details": "For OpenShift Container Platform 4.11 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nFor Red Hat OpenShift Logging 5.5, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html",
"product_ids": [
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:05e660bed7bf8c3bb0c0cec2f377f1cd7da6a2619fd51d89b13afc839e6e34ad_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:1f72b33596d3a4fa61843ecfa59b70f68042df7c7fb8f367ac7d1983d19877da_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:6c2fce66b366d763f3a9c5242eba1604e19be44be45547748aab969d50559dec_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:71273bfac1b8d72f81e863681f329b2c834ac3b9b7797cccbf6ffb23efad8b0f_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:378d1d80a68f0c18800706a1d35e7808e7215914e8ae19890e35d4387481c078_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:48b65412b9d438362cfa492eeca2130f87997e22630668ff2b1b1c5a831ebe6e_arm64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:b12aaab8e5ef6ec47539183283161348f314d05f56de672d34a6df576da905c8_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:287c2fdcf4be7c80d4ebf4bce0ac3ea1762ab35ca674f74db088c3f61ac232c1_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:950aab49aafd6a97d5ed498ceee95f600462062f197a45d0020456133c7773c1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:951a8f3db7b38894f8276375bbb5bd5651652b4c550c27dea6140efe40026d2f_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:c1bab2bb325a89d3e4fc339f95442a823d952596f80e9e756778d00982ff4e65_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0930"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.5:openshift-logging/cluster-logging-operator-bundle@sha256:37b6ad91114effd11b2701ccb89955bc53e124f48f16c84ffa0762e650203074_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:04d9b4e5635da41abb5abc5cab94ba8adc9ef974f0f2a8d0bd75aae8c4faf077_amd64",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:308bf7bffef3c969bb8d2bf02d516bf50a90f56fc700ae97d41bf3083ddc4f53_ppc64le",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:7333f1d60445adac0776fa4362ac2c5212faafe26d15da1e5f9b8fd3908cdf74_s390x",
"8Base-RHOL-5.5:openshift-logging/cluster-logging-rhel8-operator@sha256:fef2924d6f8df4c405b474cd3d438ce8252f259c3803aeca37b6f994ceba3f5f_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-operator-bundle@sha256:f6af35418dc282c51902b462c03a6fe62d38d0ec83b9fd7c95cee754377b24af_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:0599ae2e322dafeef0293ccb97feb4a0a7778575143a6dda3a06bdb490f179e3_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:a06d622a0e554353edbe29e46075f6ff383cb5bb008cd21521a0f3b4834a264a_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:d7575d0b9379fe3c69b0b8ea76bfd497dc2767acdd6f7c35550be08cc474fb29_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-proxy-rhel8@sha256:fd1a319ecd675325f297dcb670f83ae809d82beddc10f99649b7fed05b32b3eb_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:05e660bed7bf8c3bb0c0cec2f377f1cd7da6a2619fd51d89b13afc839e6e34ad_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:1f72b33596d3a4fa61843ecfa59b70f68042df7c7fb8f367ac7d1983d19877da_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:6c2fce66b366d763f3a9c5242eba1604e19be44be45547748aab969d50559dec_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch-rhel8-operator@sha256:71273bfac1b8d72f81e863681f329b2c834ac3b9b7797cccbf6ffb23efad8b0f_amd64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:08808e86c1c4a6f1e64800760b3ea3b93d90a3215de920fddcadb7a5b29fb82e_s390x",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:3776dde25b75ec53b1172d175dcf00a8856e2fb97a9971047202b5cc0efb51be_ppc64le",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:ac76f4d5a07431295a760ea4892f8c6704de1a4d9959ea79568abd33c6f16550_arm64",
"8Base-RHOL-5.5:openshift-logging/elasticsearch6-rhel8@sha256:f4565e374f73d72f720e571742ba6598ab4499fa0cca17cf3fa3078d0b9a6f37_amd64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:364a0aeb3fbe41cb4563abe282eea246815996cee862a472090e3e2a3fb2b877_ppc64le",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:378d1d80a68f0c18800706a1d35e7808e7215914e8ae19890e35d4387481c078_s390x",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:48b65412b9d438362cfa492eeca2130f87997e22630668ff2b1b1c5a831ebe6e_arm64",
"8Base-RHOL-5.5:openshift-logging/eventrouter-rhel8@sha256:b12aaab8e5ef6ec47539183283161348f314d05f56de672d34a6df576da905c8_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:0181f1dc2089fd0bd3ab9f22ea399a1750c6e5657bacefc4226ac3ea59debd44_amd64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:0e831cf4a68dcb115710ae1996043ea2ce22849e55bc214e0bafb616fe8ed497_arm64",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:6b503da1639b35cab5ff76bd8058026875a9b2a0c6fc0b6df62c1fefe016345a_s390x",
"8Base-RHOL-5.5:openshift-logging/fluentd-rhel8@sha256:c440a0e7ce359b7c7649c7522540689c831c48f51407594a6bf4b0776ff3d104_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:7857d67e9f47c9caba32bd73271fcbfafd00047ea97956f065a39ba8782d44a3_ppc64le",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:7eb9000152182b004c4dddf1d5bd90eab32f5d11eac80670710a660c35dfa105_s390x",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:a40fd7ced648e328d9e122ea1239816e26744a2289b560c636461a737f814199_arm64",
"8Base-RHOL-5.5:openshift-logging/kibana6-rhel8@sha256:eaa0831f379fbe5d0263113dad7b0d6c13b117d43126ac489d253338f881b6c8_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:3a0993b049b4556d2011abfdb05bd61cfe6855b4ca444ee992fe58e25b31581f_arm64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:ce5bd75e7e188877599222ac77ab7093fec0409cebd2bc379744830861d82ebf_s390x",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:d46966247189f43bf33cc82b937a59cdfcf10504ff8050119385bf63e7d81e34_amd64",
"8Base-RHOL-5.5:openshift-logging/log-file-metric-exporter-rhel8@sha256:f94785be16f1a0ce3fc41a081dfd8925c51290ae9206a101bdb98a051209c69c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:28a7b04ec5810ec7b7dcd3c233edb96ca324905e82ecabdadf551e616b7da05c_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:72e0218c73cd271d6aeb395a25f5ea7956daeae7c635fc04c7e6d27c2eb5e181_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:9169b406ff5e87edbe9243a568638bcc8d342ca685186bce6f6964cf5fa8785f_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-curator5-rhel8@sha256:f6ec36b684176d59d688b3f2beb22caaaa7cf1781161d9f9c76c106ac56f9d46_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:287c2fdcf4be7c80d4ebf4bce0ac3ea1762ab35ca674f74db088c3f61ac232c1_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:950aab49aafd6a97d5ed498ceee95f600462062f197a45d0020456133c7773c1_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:951a8f3db7b38894f8276375bbb5bd5651652b4c550c27dea6140efe40026d2f_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-loki-rhel8@sha256:c1bab2bb325a89d3e4fc339f95442a823d952596f80e9e756778d00982ff4e65_arm64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:4c19d67d3c3f58b6050971dbc1ca850d72bbc6fef857be4f69a6db8a9a19e3ef_amd64",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:628c5faced7d608e3727326cc9d47b6cb1081181c9881736705b346f20c6dce4_s390x",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:c66c39c2e4df1c15daa82119fbfa3c16d67b0e730ca39db675b69c6a93fa6c5b_ppc64le",
"8Base-RHOL-5.5:openshift-logging/logging-view-plugin-rhel8@sha256:e6d7f327bdd8973037fdee50f91c12731ecb39c26dc20a164551e4396f56c218_arm64",
"8Base-RHOL-5.5:openshift-logging/loki-operator-bundle@sha256:2791b01acab311ef2386228772751c7702e1139e6db26f76be190ab3e79a3d38_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:56d66398e41804fbebe5ba0ba78d9d32c5d0b22d4962e0cd9de7648adc78e7d5_amd64",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:7914c3a644a934a1d24a2ba2e9362b3b932a427ff02854a71b5075ee3b653cef_s390x",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:839dacd7f0ca3405440741d2c575ca4cfe6e4307e34f4669eca938edd176c25d_ppc64le",
"8Base-RHOL-5.5:openshift-logging/loki-rhel8-operator@sha256:c21acce895095222da9bd3bc1885b8baa70f77aed5cb88d902fd164f54975578_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:01a25a9b81000a99b3c473d9f2a93c27a7a6f8919d062bc615f78f9f7deb1024_arm64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:096033a45f20be6e319cc35e9ac567b47371de3242c8cbaf3c9b474da1ed9d0f_s390x",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:6b3400f180c5a5ef95b5f5a933b8bfb0ef570c554985d700e4e10bbf876dd192_amd64",
"8Base-RHOL-5.5:openshift-logging/lokistack-gateway-rhel8@sha256:6f01a9f6e2390138b673feadd1cebd2a88e0149436093389b6a177bc0bc20e71_ppc64le",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:2e02678af3c1fae869742bae38403aa676ccdbec6fce43720be3c33399bfe965_amd64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:950220a88d151970a183d276589f846bc209d302e6de5fb7fe05cb9718597326_s390x",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:9ae4b704b6326b14892f560168b2d5ce29f615360aab537b939c2ef00ef0933c_arm64",
"8Base-RHOL-5.5:openshift-logging/opa-openshift-rhel8@sha256:e11def073dcc8448c4c0f8bbb2c8f8a6b309a4199990d2c98a6b4092d2cf8d80_ppc64le",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:21ee0003cd6ac6035cbb9d88cf9f524681080b1198c687c49055d6cbec6ce0a6_ppc64le",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:25d0bb74c765fe7a5255da943a39121daac2dd93240efa932ed52fce0860101b_amd64",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:56367c67b0be8e48f47ce1c30be92d1c9dd2bf123c7247a4852ce3a7e6c37795_s390x",
"8Base-RHOL-5.5:openshift-logging/vector-rhel8@sha256:f5bcf8df21f81154708c975272975fb5bc3f29764eccf6c39c79f1aede39fbe2_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:0932
Vulnerability from csaf_redhat - Published: 2023-03-08 14:06 - Updated: 2026-04-30 13:12Summary
Red Hat Security Advisory: Logging Subsystem 5.6.3 - Red Hat OpenShift
Severity
Moderate
Notes
Topic: Logging Subsystem 5.6.3 - Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Logging Subsystem 5.6.3 - Red Hat OpenShift
Security Fix(es):
* express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:0cd5fe2598a0ea587e07d006ee4e8367e146cbc5ac2409e62b51d0d2eabcd9e7_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:4c4b0f10ea3d7eff3f2f6ee81963be829be283ba82e164c553d14f81905156cb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:592a51ddcf3546502cc21b82be6e3011c20c59ea3740431018b30907ee11e4ac_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:b6bc0ab4ab8f31f81d7c5340918e69cad182b0a5e0669ef45f74f8810b1209f4_arm64 | — |
Vendor Fix
fix
|
Known not affected
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:c45854097cbbc184830cc41e57518afd1d93b909c5a6bf62d17cd922460f05a2_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:0e167d232bdccdf71846b69631314df97660da3e3581a9a50d78a85925b47883_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:25e99a1b6236720d27af67885dc9977c5a57ed7223ee26e00f97a6c77697fd38_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:911b3a6a531023ec51a42aad73cb56c5710344568226eada7b7332f51bca4167_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:d740ec313b251b04c2fda54b810617d0d61c586598a72a1fff2c39b5ff2b2a23_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:071423618c82b05abb31a7697b1b0f53cf1f6174a4adcc673fd7e080a2353c2e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:00995f237bb8d4ec4fbb7643225a6ba191894f98a269daffba942e5aa1226f73_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:0ef99a61c41e5ba3f013ee8c3cbe3c9455f9089140f0685af4e551fc411dc1d4_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a799a967668e9f45f31be3ee65f2ae6e61fe6dc0b583606f9c57b54c460bb1b6_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d6352ce2ac7178ca7730294f3dc6a2f6f6f85888e52c3621722c548dea09f9_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:1a4555f082a0d0cb9de7b2f6ceade4201917c68949b96cd34242f60ac6b0e452_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:5a654a50c82878518a0ff57cb63b0a7edb4c3019d25dd54bc99cc1c9b842722a_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:5f02319bf9745be1aacfee77cdefc47ff54e7567e89dba56c07b1e17e4447e8e_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f6395b5342fccec8414c71e49a7b8b3a0cdc6238abce4bcef97268f1fdf510ed_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c03b5d752fd169db97532eac64c10871b865fc351536f2b4c471165534c2bf59_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c5f20bed7139363cc8c12fb3d38341027d3660ca1d8d1b3a74b6a2eb0d753ba9_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:d9a3af8383fde0e7e08c8cd6a6679507d621900fc693bd5ed432234fb9184ef2_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:f90bbb41cab58931aab34890b507d5fa2c2ae08b6320d4b35bd367f5dabd8f50_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:2da4527aa8d97669d602c7cf94373e16ee0dc2851e2303de49a919c3a85e1f41_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:50aae19f0750c0f35a905d81a758ff2c9dac6e410a3c6c0b76f9ef8ca112a64f_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:e59f049fac9cdbcdb695efc84d014fee9ed6d13c64ec2e8818fd619aa14dbe1d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:f861fadfefcf3e81597a33e94285603ea45e1956eb558279cee9a128012d0f59_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:5c97c94c0904b478fe8b13a5d8127c053859046105a0baf4807700c2234998d9_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:933a3bf79972f2e5c8ba21aac1584778528dc6d090c1269fb9eb7f98bc3748e1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:eb1994e66ed00564f8dfddcb7b6b3276ef4eaa798099c61b7eea6c803e329e35_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f6b065eded5ec8c80c22a49ca37453dca681f74f8851490a178d813c77f27d62_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:344d9cd561f7c62c6de21d2bac7662827edd530239e5607fa1eb6d1f8ceefdea_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:600e20533b2bb2f67277a19c1fc3a0732da6f01afd01e1b552535669ff88c262_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:7599a21ef8a5f6867cfc3f9a2a4126847b10060480469a6b91882b97905b0cad_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:d038bb1cb036a12405fd72590ad862a639189117d5876a82c866839907e35f73_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:099dcd31bd02a8608bf9aa62343f4bcb728c02c4ba3628e705258b1c2fabe580_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:90e25734d33a06ef98524c90109eec153ccc6b3ac8f7b7c34214280058bb4c76_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:ced75e473f009c273c7ba9a38bc4a6d6b92eb5e9f561ea1de7abb81ffa207a91_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:ee32b20430cd06c9bcd9349e3f1e8282e9e9a616fb398604b3717f73e6aaab91_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:5746793b1fec9ffe6a077ba726018617e1b4e766f03b4ccef5dd3f505b3dda2f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:64bea63dcaac7b40510055f4162b435a3f8088fa1a5fa47028cae7ee04cf4e37_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:92fb27a1aa2b1be0cc5549bc97242f7f05d090e8ba6308f49eb399b742eed3fc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:d0ad7c6e936658598cef688422e3315e85c8627c49f8449ef48fe1b1602cfa29_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:63c6ea77362370dd1a60c8d654a96bcbf488f5681445a3fc3f9dbe95d2924a5c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:82c7bf1ee3dc2be95909defbf53292155980d420baf513595739a9391b6c4e19_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:d6c72b1be0243d91713ad5066a74722172d408cd94256bd61f613c9f61cb9030_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:fee87f3de6d9bb44b0436f1fe6c706f7bf1ab7685d1ab00333939a8432492b31_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:2e1df5346272bcfa8b8d0280df69fa648a0d16516d0b2addb3a12ec14906f4d0_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:03f1cf4cb1eea8dd60eec55b92cefcd3fe9d2194eec1145d693daff66092dee5_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:098747d5fb20f9d871a62f04714a1a2d85561d9f09dd4e0c6733cf9062df80e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:16ddb250e456115e193392a08d322247ff0c8907e36abceab95b06d45b14b932_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6fe90266c58241180f8548354586b2647146568579687935acc8dd240611872d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:8118e813acde448251ee6a0e66d36e028f996f2e86f5ad6ba1a2699b04a94be0_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:967d139924314bd44373058ff26ceda4193223936f2528712d3144aeb4785704_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:c20dd71f574381c20abd76ab30c43bf92af0560bedb51fd7c3a6585f047d30ff_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:e089e8dd44785e6b54296f26c2ea3740841d0b024fc38283c372e3237734f07e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:077381bfe6d494aacedfe9ea21398ef4a6f0c3c9e77f7aac84070450bc361de7_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:9d4b4276b923b60782d03d04d65bd290e5f92f201e6c4d9baad08e9eb32561e1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:a7e6a512ed9cde3ffb8c6214e3c8b697b175d9fe5aaa90ef17fe02cc3144c1a8_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:c01bcc09942867514495c777becea8a8eef83ec80eee838922406cb156977400_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:2289ca68a0a07e537defe02132f6c0efa98368f0fc6fa44fcb75793e788a4c62_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:bb1285348400b3284ac6fa3e98664dfa7303ccc369afe7930c238be3880a87c6_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:bb7dcd344560e3b4c4dad7cc64aa42a8d4388fc5b24cf48fca40543cecbd4dc0_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:f3ac64bb95781e0c4bb712accd6ce0949c6dbf653f177571a42f85841bc28ffb_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
5.3 (Medium)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:0e167d232bdccdf71846b69631314df97660da3e3581a9a50d78a85925b47883_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:25e99a1b6236720d27af67885dc9977c5a57ed7223ee26e00f97a6c77697fd38_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:911b3a6a531023ec51a42aad73cb56c5710344568226eada7b7332f51bca4167_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:d740ec313b251b04c2fda54b810617d0d61c586598a72a1fff2c39b5ff2b2a23_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:2da4527aa8d97669d602c7cf94373e16ee0dc2851e2303de49a919c3a85e1f41_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:50aae19f0750c0f35a905d81a758ff2c9dac6e410a3c6c0b76f9ef8ca112a64f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:e59f049fac9cdbcdb695efc84d014fee9ed6d13c64ec2e8818fd619aa14dbe1d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:f861fadfefcf3e81597a33e94285603ea45e1956eb558279cee9a128012d0f59_arm64 | — |
Vendor Fix
fix
|
Known not affected
55 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:c45854097cbbc184830cc41e57518afd1d93b909c5a6bf62d17cd922460f05a2_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:071423618c82b05abb31a7697b1b0f53cf1f6174a4adcc673fd7e080a2353c2e_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:00995f237bb8d4ec4fbb7643225a6ba191894f98a269daffba942e5aa1226f73_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:0ef99a61c41e5ba3f013ee8c3cbe3c9455f9089140f0685af4e551fc411dc1d4_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a799a967668e9f45f31be3ee65f2ae6e61fe6dc0b583606f9c57b54c460bb1b6_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d6352ce2ac7178ca7730294f3dc6a2f6f6f85888e52c3621722c548dea09f9_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:1a4555f082a0d0cb9de7b2f6ceade4201917c68949b96cd34242f60ac6b0e452_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:5a654a50c82878518a0ff57cb63b0a7edb4c3019d25dd54bc99cc1c9b842722a_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:5f02319bf9745be1aacfee77cdefc47ff54e7567e89dba56c07b1e17e4447e8e_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f6395b5342fccec8414c71e49a7b8b3a0cdc6238abce4bcef97268f1fdf510ed_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c03b5d752fd169db97532eac64c10871b865fc351536f2b4c471165534c2bf59_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c5f20bed7139363cc8c12fb3d38341027d3660ca1d8d1b3a74b6a2eb0d753ba9_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:d9a3af8383fde0e7e08c8cd6a6679507d621900fc693bd5ed432234fb9184ef2_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:f90bbb41cab58931aab34890b507d5fa2c2ae08b6320d4b35bd367f5dabd8f50_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:5c97c94c0904b478fe8b13a5d8127c053859046105a0baf4807700c2234998d9_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:933a3bf79972f2e5c8ba21aac1584778528dc6d090c1269fb9eb7f98bc3748e1_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:eb1994e66ed00564f8dfddcb7b6b3276ef4eaa798099c61b7eea6c803e329e35_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f6b065eded5ec8c80c22a49ca37453dca681f74f8851490a178d813c77f27d62_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:344d9cd561f7c62c6de21d2bac7662827edd530239e5607fa1eb6d1f8ceefdea_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:600e20533b2bb2f67277a19c1fc3a0732da6f01afd01e1b552535669ff88c262_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:7599a21ef8a5f6867cfc3f9a2a4126847b10060480469a6b91882b97905b0cad_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:d038bb1cb036a12405fd72590ad862a639189117d5876a82c866839907e35f73_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:099dcd31bd02a8608bf9aa62343f4bcb728c02c4ba3628e705258b1c2fabe580_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:90e25734d33a06ef98524c90109eec153ccc6b3ac8f7b7c34214280058bb4c76_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:ced75e473f009c273c7ba9a38bc4a6d6b92eb5e9f561ea1de7abb81ffa207a91_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:ee32b20430cd06c9bcd9349e3f1e8282e9e9a616fb398604b3717f73e6aaab91_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:5746793b1fec9ffe6a077ba726018617e1b4e766f03b4ccef5dd3f505b3dda2f_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:64bea63dcaac7b40510055f4162b435a3f8088fa1a5fa47028cae7ee04cf4e37_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:92fb27a1aa2b1be0cc5549bc97242f7f05d090e8ba6308f49eb399b742eed3fc_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:d0ad7c6e936658598cef688422e3315e85c8627c49f8449ef48fe1b1602cfa29_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:63c6ea77362370dd1a60c8d654a96bcbf488f5681445a3fc3f9dbe95d2924a5c_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:82c7bf1ee3dc2be95909defbf53292155980d420baf513595739a9391b6c4e19_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:d6c72b1be0243d91713ad5066a74722172d408cd94256bd61f613c9f61cb9030_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:fee87f3de6d9bb44b0436f1fe6c706f7bf1ab7685d1ab00333939a8432492b31_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:0cd5fe2598a0ea587e07d006ee4e8367e146cbc5ac2409e62b51d0d2eabcd9e7_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:4c4b0f10ea3d7eff3f2f6ee81963be829be283ba82e164c553d14f81905156cb_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:592a51ddcf3546502cc21b82be6e3011c20c59ea3740431018b30907ee11e4ac_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:b6bc0ab4ab8f31f81d7c5340918e69cad182b0a5e0669ef45f74f8810b1209f4_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:2e1df5346272bcfa8b8d0280df69fa648a0d16516d0b2addb3a12ec14906f4d0_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:03f1cf4cb1eea8dd60eec55b92cefcd3fe9d2194eec1145d693daff66092dee5_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:098747d5fb20f9d871a62f04714a1a2d85561d9f09dd4e0c6733cf9062df80e1_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:16ddb250e456115e193392a08d322247ff0c8907e36abceab95b06d45b14b932_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6fe90266c58241180f8548354586b2647146568579687935acc8dd240611872d_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:8118e813acde448251ee6a0e66d36e028f996f2e86f5ad6ba1a2699b04a94be0_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:967d139924314bd44373058ff26ceda4193223936f2528712d3144aeb4785704_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:c20dd71f574381c20abd76ab30c43bf92af0560bedb51fd7c3a6585f047d30ff_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:e089e8dd44785e6b54296f26c2ea3740841d0b024fc38283c372e3237734f07e_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:077381bfe6d494aacedfe9ea21398ef4a6f0c3c9e77f7aac84070450bc361de7_ppc64le | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:9d4b4276b923b60782d03d04d65bd290e5f92f201e6c4d9baad08e9eb32561e1_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:a7e6a512ed9cde3ffb8c6214e3c8b697b175d9fe5aaa90ef17fe02cc3144c1a8_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:c01bcc09942867514495c777becea8a8eef83ec80eee838922406cb156977400_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:2289ca68a0a07e537defe02132f6c0efa98368f0fc6fa44fcb75793e788a4c62_arm64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:bb1285348400b3284ac6fa3e98664dfa7303ccc369afe7930c238be3880a87c6_s390x | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:bb7dcd344560e3b4c4dad7cc64aa42a8d4388fc5b24cf48fca40543cecbd4dc0_amd64 | — | ||
| Unresolved product id: 8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:f3ac64bb95781e0c4bb712accd6ce0949c6dbf653f177571a42f85841bc28ffb_ppc64le | — |
Threats
Impact
Moderate
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Logging Subsystem 5.6.3 - Red Hat OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Logging Subsystem 5.6.3 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0932",
"url": "https://access.redhat.com/errata/RHSA-2023:0932"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "LOG-3717",
"url": "https://issues.redhat.com/browse/LOG-3717"
},
{
"category": "external",
"summary": "LOG-3729",
"url": "https://issues.redhat.com/browse/LOG-3729"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0932.json"
}
],
"title": "Red Hat Security Advisory: Logging Subsystem 5.6.3 - Red Hat OpenShift",
"tracking": {
"current_release_date": "2026-04-30T13:12:30+00:00",
"generator": {
"date": "2026-04-30T13:12:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2023:0932",
"initial_release_date": "2023-03-08T14:06:03+00:00",
"revision_history": [
{
"date": "2023-03-08T14:06:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-08T14:06:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:12:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOL 5.6 for RHEL 8",
"product": {
"name": "RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:5.6::el8"
}
}
}
],
"category": "product_family",
"name": "logging for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:0e167d232bdccdf71846b69631314df97660da3e3581a9a50d78a85925b47883_s390x",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:0e167d232bdccdf71846b69631314df97660da3e3581a9a50d78a85925b47883_s390x",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:0e167d232bdccdf71846b69631314df97660da3e3581a9a50d78a85925b47883_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:0e167d232bdccdf71846b69631314df97660da3e3581a9a50d78a85925b47883?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.3-10"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:f6395b5342fccec8414c71e49a7b8b3a0cdc6238abce4bcef97268f1fdf510ed_s390x",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:f6395b5342fccec8414c71e49a7b8b3a0cdc6238abce4bcef97268f1fdf510ed_s390x",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:f6395b5342fccec8414c71e49a7b8b3a0cdc6238abce4bcef97268f1fdf510ed_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:f6395b5342fccec8414c71e49a7b8b3a0cdc6238abce4bcef97268f1fdf510ed?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.3-7"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:0ef99a61c41e5ba3f013ee8c3cbe3c9455f9089140f0685af4e551fc411dc1d4_s390x",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:0ef99a61c41e5ba3f013ee8c3cbe3c9455f9089140f0685af4e551fc411dc1d4_s390x",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:0ef99a61c41e5ba3f013ee8c3cbe3c9455f9089140f0685af4e551fc411dc1d4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:0ef99a61c41e5ba3f013ee8c3cbe3c9455f9089140f0685af4e551fc411dc1d4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-342"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ee32b20430cd06c9bcd9349e3f1e8282e9e9a616fb398604b3717f73e6aaab91_s390x",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ee32b20430cd06c9bcd9349e3f1e8282e9e9a616fb398604b3717f73e6aaab91_s390x",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ee32b20430cd06c9bcd9349e3f1e8282e9e9a616fb398604b3717f73e6aaab91_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:ee32b20430cd06c9bcd9349e3f1e8282e9e9a616fb398604b3717f73e6aaab91?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-103"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:d0ad7c6e936658598cef688422e3315e85c8627c49f8449ef48fe1b1602cfa29_s390x",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:d0ad7c6e936658598cef688422e3315e85c8627c49f8449ef48fe1b1602cfa29_s390x",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:d0ad7c6e936658598cef688422e3315e85c8627c49f8449ef48fe1b1602cfa29_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:d0ad7c6e936658598cef688422e3315e85c8627c49f8449ef48fe1b1602cfa29?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-310"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:f90bbb41cab58931aab34890b507d5fa2c2ae08b6320d4b35bd367f5dabd8f50_s390x",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:f90bbb41cab58931aab34890b507d5fa2c2ae08b6320d4b35bd367f5dabd8f50_s390x",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:f90bbb41cab58931aab34890b507d5fa2c2ae08b6320d4b35bd367f5dabd8f50_s390x",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:f90bbb41cab58931aab34890b507d5fa2c2ae08b6320d4b35bd367f5dabd8f50?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-302"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:50aae19f0750c0f35a905d81a758ff2c9dac6e410a3c6c0b76f9ef8ca112a64f_s390x",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:50aae19f0750c0f35a905d81a758ff2c9dac6e410a3c6c0b76f9ef8ca112a64f_s390x",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:50aae19f0750c0f35a905d81a758ff2c9dac6e410a3c6c0b76f9ef8ca112a64f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:50aae19f0750c0f35a905d81a758ff2c9dac6e410a3c6c0b76f9ef8ca112a64f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-94"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:eb1994e66ed00564f8dfddcb7b6b3276ef4eaa798099c61b7eea6c803e329e35_s390x",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:eb1994e66ed00564f8dfddcb7b6b3276ef4eaa798099c61b7eea6c803e329e35_s390x",
"product_id": "openshift-logging/fluentd-rhel8@sha256:eb1994e66ed00564f8dfddcb7b6b3276ef4eaa798099c61b7eea6c803e329e35_s390x",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:eb1994e66ed00564f8dfddcb7b6b3276ef4eaa798099c61b7eea6c803e329e35?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-90"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:600e20533b2bb2f67277a19c1fc3a0732da6f01afd01e1b552535669ff88c262_s390x",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:600e20533b2bb2f67277a19c1fc3a0732da6f01afd01e1b552535669ff88c262_s390x",
"product_id": "openshift-logging/kibana6-rhel8@sha256:600e20533b2bb2f67277a19c1fc3a0732da6f01afd01e1b552535669ff88c262_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:600e20533b2bb2f67277a19c1fc3a0732da6f01afd01e1b552535669ff88c262?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-339"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:63c6ea77362370dd1a60c8d654a96bcbf488f5681445a3fc3f9dbe95d2924a5c_s390x",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:63c6ea77362370dd1a60c8d654a96bcbf488f5681445a3fc3f9dbe95d2924a5c_s390x",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:63c6ea77362370dd1a60c8d654a96bcbf488f5681445a3fc3f9dbe95d2924a5c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:63c6ea77362370dd1a60c8d654a96bcbf488f5681445a3fc3f9dbe95d2924a5c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.3-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:bb1285348400b3284ac6fa3e98664dfa7303ccc369afe7930c238be3880a87c6_s390x",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:bb1285348400b3284ac6fa3e98664dfa7303ccc369afe7930c238be3880a87c6_s390x",
"product_id": "openshift-logging/vector-rhel8@sha256:bb1285348400b3284ac6fa3e98664dfa7303ccc369afe7930c238be3880a87c6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:bb1285348400b3284ac6fa3e98664dfa7303ccc369afe7930c238be3880a87c6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-57"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:4c4b0f10ea3d7eff3f2f6ee81963be829be283ba82e164c553d14f81905156cb_s390x",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:4c4b0f10ea3d7eff3f2f6ee81963be829be283ba82e164c553d14f81905156cb_s390x",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:4c4b0f10ea3d7eff3f2f6ee81963be829be283ba82e164c553d14f81905156cb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:4c4b0f10ea3d7eff3f2f6ee81963be829be283ba82e164c553d14f81905156cb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.3-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:03f1cf4cb1eea8dd60eec55b92cefcd3fe9d2194eec1145d693daff66092dee5_s390x",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:03f1cf4cb1eea8dd60eec55b92cefcd3fe9d2194eec1145d693daff66092dee5_s390x",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:03f1cf4cb1eea8dd60eec55b92cefcd3fe9d2194eec1145d693daff66092dee5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:03f1cf4cb1eea8dd60eec55b92cefcd3fe9d2194eec1145d693daff66092dee5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.3-6"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:e089e8dd44785e6b54296f26c2ea3740841d0b024fc38283c372e3237734f07e_s390x",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:e089e8dd44785e6b54296f26c2ea3740841d0b024fc38283c372e3237734f07e_s390x",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:e089e8dd44785e6b54296f26c2ea3740841d0b024fc38283c372e3237734f07e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:e089e8dd44785e6b54296f26c2ea3740841d0b024fc38283c372e3237734f07e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-163"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:9d4b4276b923b60782d03d04d65bd290e5f92f201e6c4d9baad08e9eb32561e1_s390x",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:9d4b4276b923b60782d03d04d65bd290e5f92f201e6c4d9baad08e9eb32561e1_s390x",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:9d4b4276b923b60782d03d04d65bd290e5f92f201e6c4d9baad08e9eb32561e1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:9d4b4276b923b60782d03d04d65bd290e5f92f201e6c4d9baad08e9eb32561e1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-49"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:25e99a1b6236720d27af67885dc9977c5a57ed7223ee26e00f97a6c77697fd38_arm64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:25e99a1b6236720d27af67885dc9977c5a57ed7223ee26e00f97a6c77697fd38_arm64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:25e99a1b6236720d27af67885dc9977c5a57ed7223ee26e00f97a6c77697fd38_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:25e99a1b6236720d27af67885dc9977c5a57ed7223ee26e00f97a6c77697fd38?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.3-10"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:1a4555f082a0d0cb9de7b2f6ceade4201917c68949b96cd34242f60ac6b0e452_arm64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:1a4555f082a0d0cb9de7b2f6ceade4201917c68949b96cd34242f60ac6b0e452_arm64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:1a4555f082a0d0cb9de7b2f6ceade4201917c68949b96cd34242f60ac6b0e452_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:1a4555f082a0d0cb9de7b2f6ceade4201917c68949b96cd34242f60ac6b0e452?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.3-7"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d6352ce2ac7178ca7730294f3dc6a2f6f6f85888e52c3621722c548dea09f9_arm64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d6352ce2ac7178ca7730294f3dc6a2f6f6f85888e52c3621722c548dea09f9_arm64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d6352ce2ac7178ca7730294f3dc6a2f6f6f85888e52c3621722c548dea09f9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:e6d6352ce2ac7178ca7730294f3dc6a2f6f6f85888e52c3621722c548dea09f9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-342"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:099dcd31bd02a8608bf9aa62343f4bcb728c02c4ba3628e705258b1c2fabe580_arm64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:099dcd31bd02a8608bf9aa62343f4bcb728c02c4ba3628e705258b1c2fabe580_arm64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:099dcd31bd02a8608bf9aa62343f4bcb728c02c4ba3628e705258b1c2fabe580_arm64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:099dcd31bd02a8608bf9aa62343f4bcb728c02c4ba3628e705258b1c2fabe580?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-103"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:5746793b1fec9ffe6a077ba726018617e1b4e766f03b4ccef5dd3f505b3dda2f_arm64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:5746793b1fec9ffe6a077ba726018617e1b4e766f03b4ccef5dd3f505b3dda2f_arm64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:5746793b1fec9ffe6a077ba726018617e1b4e766f03b4ccef5dd3f505b3dda2f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:5746793b1fec9ffe6a077ba726018617e1b4e766f03b4ccef5dd3f505b3dda2f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-310"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:c5f20bed7139363cc8c12fb3d38341027d3660ca1d8d1b3a74b6a2eb0d753ba9_arm64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:c5f20bed7139363cc8c12fb3d38341027d3660ca1d8d1b3a74b6a2eb0d753ba9_arm64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:c5f20bed7139363cc8c12fb3d38341027d3660ca1d8d1b3a74b6a2eb0d753ba9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:c5f20bed7139363cc8c12fb3d38341027d3660ca1d8d1b3a74b6a2eb0d753ba9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-302"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:f861fadfefcf3e81597a33e94285603ea45e1956eb558279cee9a128012d0f59_arm64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:f861fadfefcf3e81597a33e94285603ea45e1956eb558279cee9a128012d0f59_arm64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:f861fadfefcf3e81597a33e94285603ea45e1956eb558279cee9a128012d0f59_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:f861fadfefcf3e81597a33e94285603ea45e1956eb558279cee9a128012d0f59?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-94"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:933a3bf79972f2e5c8ba21aac1584778528dc6d090c1269fb9eb7f98bc3748e1_arm64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:933a3bf79972f2e5c8ba21aac1584778528dc6d090c1269fb9eb7f98bc3748e1_arm64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:933a3bf79972f2e5c8ba21aac1584778528dc6d090c1269fb9eb7f98bc3748e1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:933a3bf79972f2e5c8ba21aac1584778528dc6d090c1269fb9eb7f98bc3748e1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-90"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:7599a21ef8a5f6867cfc3f9a2a4126847b10060480469a6b91882b97905b0cad_arm64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:7599a21ef8a5f6867cfc3f9a2a4126847b10060480469a6b91882b97905b0cad_arm64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:7599a21ef8a5f6867cfc3f9a2a4126847b10060480469a6b91882b97905b0cad_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:7599a21ef8a5f6867cfc3f9a2a4126847b10060480469a6b91882b97905b0cad?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-339"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:fee87f3de6d9bb44b0436f1fe6c706f7bf1ab7685d1ab00333939a8432492b31_arm64",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:fee87f3de6d9bb44b0436f1fe6c706f7bf1ab7685d1ab00333939a8432492b31_arm64",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:fee87f3de6d9bb44b0436f1fe6c706f7bf1ab7685d1ab00333939a8432492b31_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:fee87f3de6d9bb44b0436f1fe6c706f7bf1ab7685d1ab00333939a8432492b31?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.3-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:2289ca68a0a07e537defe02132f6c0efa98368f0fc6fa44fcb75793e788a4c62_arm64",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:2289ca68a0a07e537defe02132f6c0efa98368f0fc6fa44fcb75793e788a4c62_arm64",
"product_id": "openshift-logging/vector-rhel8@sha256:2289ca68a0a07e537defe02132f6c0efa98368f0fc6fa44fcb75793e788a4c62_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:2289ca68a0a07e537defe02132f6c0efa98368f0fc6fa44fcb75793e788a4c62?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-57"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:b6bc0ab4ab8f31f81d7c5340918e69cad182b0a5e0669ef45f74f8810b1209f4_arm64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:b6bc0ab4ab8f31f81d7c5340918e69cad182b0a5e0669ef45f74f8810b1209f4_arm64",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:b6bc0ab4ab8f31f81d7c5340918e69cad182b0a5e0669ef45f74f8810b1209f4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:b6bc0ab4ab8f31f81d7c5340918e69cad182b0a5e0669ef45f74f8810b1209f4?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.3-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:16ddb250e456115e193392a08d322247ff0c8907e36abceab95b06d45b14b932_arm64",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:16ddb250e456115e193392a08d322247ff0c8907e36abceab95b06d45b14b932_arm64",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:16ddb250e456115e193392a08d322247ff0c8907e36abceab95b06d45b14b932_arm64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:16ddb250e456115e193392a08d322247ff0c8907e36abceab95b06d45b14b932?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.3-6"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:967d139924314bd44373058ff26ceda4193223936f2528712d3144aeb4785704_arm64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:967d139924314bd44373058ff26ceda4193223936f2528712d3144aeb4785704_arm64",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:967d139924314bd44373058ff26ceda4193223936f2528712d3144aeb4785704_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:967d139924314bd44373058ff26ceda4193223936f2528712d3144aeb4785704?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-163"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:a7e6a512ed9cde3ffb8c6214e3c8b697b175d9fe5aaa90ef17fe02cc3144c1a8_arm64",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:a7e6a512ed9cde3ffb8c6214e3c8b697b175d9fe5aaa90ef17fe02cc3144c1a8_arm64",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:a7e6a512ed9cde3ffb8c6214e3c8b697b175d9fe5aaa90ef17fe02cc3144c1a8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:a7e6a512ed9cde3ffb8c6214e3c8b697b175d9fe5aaa90ef17fe02cc3144c1a8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-49"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:d740ec313b251b04c2fda54b810617d0d61c586598a72a1fff2c39b5ff2b2a23_ppc64le",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:d740ec313b251b04c2fda54b810617d0d61c586598a72a1fff2c39b5ff2b2a23_ppc64le",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:d740ec313b251b04c2fda54b810617d0d61c586598a72a1fff2c39b5ff2b2a23_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:d740ec313b251b04c2fda54b810617d0d61c586598a72a1fff2c39b5ff2b2a23?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.3-10"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:5f02319bf9745be1aacfee77cdefc47ff54e7567e89dba56c07b1e17e4447e8e_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:5f02319bf9745be1aacfee77cdefc47ff54e7567e89dba56c07b1e17e4447e8e_ppc64le",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:5f02319bf9745be1aacfee77cdefc47ff54e7567e89dba56c07b1e17e4447e8e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:5f02319bf9745be1aacfee77cdefc47ff54e7567e89dba56c07b1e17e4447e8e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.3-7"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:00995f237bb8d4ec4fbb7643225a6ba191894f98a269daffba942e5aa1226f73_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:00995f237bb8d4ec4fbb7643225a6ba191894f98a269daffba942e5aa1226f73_ppc64le",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:00995f237bb8d4ec4fbb7643225a6ba191894f98a269daffba942e5aa1226f73_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:00995f237bb8d4ec4fbb7643225a6ba191894f98a269daffba942e5aa1226f73?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-342"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90e25734d33a06ef98524c90109eec153ccc6b3ac8f7b7c34214280058bb4c76_ppc64le",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90e25734d33a06ef98524c90109eec153ccc6b3ac8f7b7c34214280058bb4c76_ppc64le",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90e25734d33a06ef98524c90109eec153ccc6b3ac8f7b7c34214280058bb4c76_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:90e25734d33a06ef98524c90109eec153ccc6b3ac8f7b7c34214280058bb4c76?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-103"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:64bea63dcaac7b40510055f4162b435a3f8088fa1a5fa47028cae7ee04cf4e37_ppc64le",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:64bea63dcaac7b40510055f4162b435a3f8088fa1a5fa47028cae7ee04cf4e37_ppc64le",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:64bea63dcaac7b40510055f4162b435a3f8088fa1a5fa47028cae7ee04cf4e37_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:64bea63dcaac7b40510055f4162b435a3f8088fa1a5fa47028cae7ee04cf4e37?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-310"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:c03b5d752fd169db97532eac64c10871b865fc351536f2b4c471165534c2bf59_ppc64le",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:c03b5d752fd169db97532eac64c10871b865fc351536f2b4c471165534c2bf59_ppc64le",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:c03b5d752fd169db97532eac64c10871b865fc351536f2b4c471165534c2bf59_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:c03b5d752fd169db97532eac64c10871b865fc351536f2b4c471165534c2bf59?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-302"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:2da4527aa8d97669d602c7cf94373e16ee0dc2851e2303de49a919c3a85e1f41_ppc64le",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:2da4527aa8d97669d602c7cf94373e16ee0dc2851e2303de49a919c3a85e1f41_ppc64le",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:2da4527aa8d97669d602c7cf94373e16ee0dc2851e2303de49a919c3a85e1f41_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:2da4527aa8d97669d602c7cf94373e16ee0dc2851e2303de49a919c3a85e1f41?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-94"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:f6b065eded5ec8c80c22a49ca37453dca681f74f8851490a178d813c77f27d62_ppc64le",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:f6b065eded5ec8c80c22a49ca37453dca681f74f8851490a178d813c77f27d62_ppc64le",
"product_id": "openshift-logging/fluentd-rhel8@sha256:f6b065eded5ec8c80c22a49ca37453dca681f74f8851490a178d813c77f27d62_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:f6b065eded5ec8c80c22a49ca37453dca681f74f8851490a178d813c77f27d62?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-90"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:d038bb1cb036a12405fd72590ad862a639189117d5876a82c866839907e35f73_ppc64le",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:d038bb1cb036a12405fd72590ad862a639189117d5876a82c866839907e35f73_ppc64le",
"product_id": "openshift-logging/kibana6-rhel8@sha256:d038bb1cb036a12405fd72590ad862a639189117d5876a82c866839907e35f73_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:d038bb1cb036a12405fd72590ad862a639189117d5876a82c866839907e35f73?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-339"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:d6c72b1be0243d91713ad5066a74722172d408cd94256bd61f613c9f61cb9030_ppc64le",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:d6c72b1be0243d91713ad5066a74722172d408cd94256bd61f613c9f61cb9030_ppc64le",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:d6c72b1be0243d91713ad5066a74722172d408cd94256bd61f613c9f61cb9030_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:d6c72b1be0243d91713ad5066a74722172d408cd94256bd61f613c9f61cb9030?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.3-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:f3ac64bb95781e0c4bb712accd6ce0949c6dbf653f177571a42f85841bc28ffb_ppc64le",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:f3ac64bb95781e0c4bb712accd6ce0949c6dbf653f177571a42f85841bc28ffb_ppc64le",
"product_id": "openshift-logging/vector-rhel8@sha256:f3ac64bb95781e0c4bb712accd6ce0949c6dbf653f177571a42f85841bc28ffb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:f3ac64bb95781e0c4bb712accd6ce0949c6dbf653f177571a42f85841bc28ffb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-57"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:0cd5fe2598a0ea587e07d006ee4e8367e146cbc5ac2409e62b51d0d2eabcd9e7_ppc64le",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:0cd5fe2598a0ea587e07d006ee4e8367e146cbc5ac2409e62b51d0d2eabcd9e7_ppc64le",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:0cd5fe2598a0ea587e07d006ee4e8367e146cbc5ac2409e62b51d0d2eabcd9e7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:0cd5fe2598a0ea587e07d006ee4e8367e146cbc5ac2409e62b51d0d2eabcd9e7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.3-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:098747d5fb20f9d871a62f04714a1a2d85561d9f09dd4e0c6733cf9062df80e1_ppc64le",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:098747d5fb20f9d871a62f04714a1a2d85561d9f09dd4e0c6733cf9062df80e1_ppc64le",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:098747d5fb20f9d871a62f04714a1a2d85561d9f09dd4e0c6733cf9062df80e1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:098747d5fb20f9d871a62f04714a1a2d85561d9f09dd4e0c6733cf9062df80e1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.3-6"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:c20dd71f574381c20abd76ab30c43bf92af0560bedb51fd7c3a6585f047d30ff_ppc64le",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:c20dd71f574381c20abd76ab30c43bf92af0560bedb51fd7c3a6585f047d30ff_ppc64le",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:c20dd71f574381c20abd76ab30c43bf92af0560bedb51fd7c3a6585f047d30ff_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:c20dd71f574381c20abd76ab30c43bf92af0560bedb51fd7c3a6585f047d30ff?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-163"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:077381bfe6d494aacedfe9ea21398ef4a6f0c3c9e77f7aac84070450bc361de7_ppc64le",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:077381bfe6d494aacedfe9ea21398ef4a6f0c3c9e77f7aac84070450bc361de7_ppc64le",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:077381bfe6d494aacedfe9ea21398ef4a6f0c3c9e77f7aac84070450bc361de7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:077381bfe6d494aacedfe9ea21398ef4a6f0c3c9e77f7aac84070450bc361de7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-49"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:911b3a6a531023ec51a42aad73cb56c5710344568226eada7b7332f51bca4167_amd64",
"product": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:911b3a6a531023ec51a42aad73cb56c5710344568226eada7b7332f51bca4167_amd64",
"product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:911b3a6a531023ec51a42aad73cb56c5710344568226eada7b7332f51bca4167_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:911b3a6a531023ec51a42aad73cb56c5710344568226eada7b7332f51bca4167?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.6.3-10"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:c45854097cbbc184830cc41e57518afd1d93b909c5a6bf62d17cd922460f05a2_amd64",
"product": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:c45854097cbbc184830cc41e57518afd1d93b909c5a6bf62d17cd922460f05a2_amd64",
"product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:c45854097cbbc184830cc41e57518afd1d93b909c5a6bf62d17cd922460f05a2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256:c45854097cbbc184830cc41e57518afd1d93b909c5a6bf62d17cd922460f05a2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.6.3-31"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:5a654a50c82878518a0ff57cb63b0a7edb4c3019d25dd54bc99cc1c9b842722a_amd64",
"product": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:5a654a50c82878518a0ff57cb63b0a7edb4c3019d25dd54bc99cc1c9b842722a_amd64",
"product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:5a654a50c82878518a0ff57cb63b0a7edb4c3019d25dd54bc99cc1c9b842722a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:5a654a50c82878518a0ff57cb63b0a7edb4c3019d25dd54bc99cc1c9b842722a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.6.3-7"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:071423618c82b05abb31a7697b1b0f53cf1f6174a4adcc673fd7e080a2353c2e_amd64",
"product": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:071423618c82b05abb31a7697b1b0f53cf1f6174a4adcc673fd7e080a2353c2e_amd64",
"product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:071423618c82b05abb31a7697b1b0f53cf1f6174a4adcc673fd7e080a2353c2e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-operator-bundle@sha256:071423618c82b05abb31a7697b1b0f53cf1f6174a4adcc673fd7e080a2353c2e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.6.3-24"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a799a967668e9f45f31be3ee65f2ae6e61fe6dc0b583606f9c57b54c460bb1b6_amd64",
"product": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a799a967668e9f45f31be3ee65f2ae6e61fe6dc0b583606f9c57b54c460bb1b6_amd64",
"product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a799a967668e9f45f31be3ee65f2ae6e61fe6dc0b583606f9c57b54c460bb1b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:a799a967668e9f45f31be3ee65f2ae6e61fe6dc0b583606f9c57b54c460bb1b6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-342"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ced75e473f009c273c7ba9a38bc4a6d6b92eb5e9f561ea1de7abb81ffa207a91_amd64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ced75e473f009c273c7ba9a38bc4a6d6b92eb5e9f561ea1de7abb81ffa207a91_amd64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ced75e473f009c273c7ba9a38bc4a6d6b92eb5e9f561ea1de7abb81ffa207a91_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:ced75e473f009c273c7ba9a38bc4a6d6b92eb5e9f561ea1de7abb81ffa207a91?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.1.0-103"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-curator5-rhel8@sha256:92fb27a1aa2b1be0cc5549bc97242f7f05d090e8ba6308f49eb399b742eed3fc_amd64",
"product": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:92fb27a1aa2b1be0cc5549bc97242f7f05d090e8ba6308f49eb399b742eed3fc_amd64",
"product_id": "openshift-logging/logging-curator5-rhel8@sha256:92fb27a1aa2b1be0cc5549bc97242f7f05d090e8ba6308f49eb399b742eed3fc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-curator5-rhel8@sha256:92fb27a1aa2b1be0cc5549bc97242f7f05d090e8ba6308f49eb399b742eed3fc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-310"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/elasticsearch6-rhel8@sha256:d9a3af8383fde0e7e08c8cd6a6679507d621900fc693bd5ed432234fb9184ef2_amd64",
"product": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:d9a3af8383fde0e7e08c8cd6a6679507d621900fc693bd5ed432234fb9184ef2_amd64",
"product_id": "openshift-logging/elasticsearch6-rhel8@sha256:d9a3af8383fde0e7e08c8cd6a6679507d621900fc693bd5ed432234fb9184ef2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/elasticsearch6-rhel8@sha256:d9a3af8383fde0e7e08c8cd6a6679507d621900fc693bd5ed432234fb9184ef2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-302"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel8@sha256:e59f049fac9cdbcdb695efc84d014fee9ed6d13c64ec2e8818fd619aa14dbe1d_amd64",
"product": {
"name": "openshift-logging/eventrouter-rhel8@sha256:e59f049fac9cdbcdb695efc84d014fee9ed6d13c64ec2e8818fd619aa14dbe1d_amd64",
"product_id": "openshift-logging/eventrouter-rhel8@sha256:e59f049fac9cdbcdb695efc84d014fee9ed6d13c64ec2e8818fd619aa14dbe1d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel8@sha256:e59f049fac9cdbcdb695efc84d014fee9ed6d13c64ec2e8818fd619aa14dbe1d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.4.0-94"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel8@sha256:5c97c94c0904b478fe8b13a5d8127c053859046105a0baf4807700c2234998d9_amd64",
"product": {
"name": "openshift-logging/fluentd-rhel8@sha256:5c97c94c0904b478fe8b13a5d8127c053859046105a0baf4807700c2234998d9_amd64",
"product_id": "openshift-logging/fluentd-rhel8@sha256:5c97c94c0904b478fe8b13a5d8127c053859046105a0baf4807700c2234998d9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel8@sha256:5c97c94c0904b478fe8b13a5d8127c053859046105a0baf4807700c2234998d9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.14.6-90"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/kibana6-rhel8@sha256:344d9cd561f7c62c6de21d2bac7662827edd530239e5607fa1eb6d1f8ceefdea_amd64",
"product": {
"name": "openshift-logging/kibana6-rhel8@sha256:344d9cd561f7c62c6de21d2bac7662827edd530239e5607fa1eb6d1f8ceefdea_amd64",
"product_id": "openshift-logging/kibana6-rhel8@sha256:344d9cd561f7c62c6de21d2bac7662827edd530239e5607fa1eb6d1f8ceefdea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kibana6-rhel8@sha256:344d9cd561f7c62c6de21d2bac7662827edd530239e5607fa1eb6d1f8ceefdea?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-339"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel8@sha256:82c7bf1ee3dc2be95909defbf53292155980d420baf513595739a9391b6c4e19_amd64",
"product": {
"name": "openshift-logging/logging-loki-rhel8@sha256:82c7bf1ee3dc2be95909defbf53292155980d420baf513595739a9391b6c4e19_amd64",
"product_id": "openshift-logging/logging-loki-rhel8@sha256:82c7bf1ee3dc2be95909defbf53292155980d420baf513595739a9391b6c4e19_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel8@sha256:82c7bf1ee3dc2be95909defbf53292155980d420baf513595739a9391b6c4e19?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel8\u0026tag=v2.7.3-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel8@sha256:bb7dcd344560e3b4c4dad7cc64aa42a8d4388fc5b24cf48fca40543cecbd4dc0_amd64",
"product": {
"name": "openshift-logging/vector-rhel8@sha256:bb7dcd344560e3b4c4dad7cc64aa42a8d4388fc5b24cf48fca40543cecbd4dc0_amd64",
"product_id": "openshift-logging/vector-rhel8@sha256:bb7dcd344560e3b4c4dad7cc64aa42a8d4388fc5b24cf48fca40543cecbd4dc0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel8@sha256:bb7dcd344560e3b4c4dad7cc64aa42a8d4388fc5b24cf48fca40543cecbd4dc0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel8\u0026tag=v0.21.0-57"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:592a51ddcf3546502cc21b82be6e3011c20c59ea3740431018b30907ee11e4ac_amd64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:592a51ddcf3546502cc21b82be6e3011c20c59ea3740431018b30907ee11e4ac_amd64",
"product_id": "openshift-logging/logging-view-plugin-rhel8@sha256:592a51ddcf3546502cc21b82be6e3011c20c59ea3740431018b30907ee11e4ac_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel8@sha256:592a51ddcf3546502cc21b82be6e3011c20c59ea3740431018b30907ee11e4ac?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel8\u0026tag=v5.6.3-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-operator-bundle@sha256:2e1df5346272bcfa8b8d0280df69fa648a0d16516d0b2addb3a12ec14906f4d0_amd64",
"product": {
"name": "openshift-logging/loki-operator-bundle@sha256:2e1df5346272bcfa8b8d0280df69fa648a0d16516d0b2addb3a12ec14906f4d0_amd64",
"product_id": "openshift-logging/loki-operator-bundle@sha256:2e1df5346272bcfa8b8d0280df69fa648a0d16516d0b2addb3a12ec14906f4d0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-operator-bundle@sha256:2e1df5346272bcfa8b8d0280df69fa648a0d16516d0b2addb3a12ec14906f4d0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.6.3-28"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel8-operator@sha256:6fe90266c58241180f8548354586b2647146568579687935acc8dd240611872d_amd64",
"product": {
"name": "openshift-logging/loki-rhel8-operator@sha256:6fe90266c58241180f8548354586b2647146568579687935acc8dd240611872d_amd64",
"product_id": "openshift-logging/loki-rhel8-operator@sha256:6fe90266c58241180f8548354586b2647146568579687935acc8dd240611872d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel8-operator@sha256:6fe90266c58241180f8548354586b2647146568579687935acc8dd240611872d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel8-operator\u0026tag=v5.6.3-6"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:8118e813acde448251ee6a0e66d36e028f996f2e86f5ad6ba1a2699b04a94be0_amd64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:8118e813acde448251ee6a0e66d36e028f996f2e86f5ad6ba1a2699b04a94be0_amd64",
"product_id": "openshift-logging/lokistack-gateway-rhel8@sha256:8118e813acde448251ee6a0e66d36e028f996f2e86f5ad6ba1a2699b04a94be0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel8@sha256:8118e813acde448251ee6a0e66d36e028f996f2e86f5ad6ba1a2699b04a94be0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel8\u0026tag=v0.1.0-163"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel8@sha256:c01bcc09942867514495c777becea8a8eef83ec80eee838922406cb156977400_amd64",
"product": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:c01bcc09942867514495c777becea8a8eef83ec80eee838922406cb156977400_amd64",
"product_id": "openshift-logging/opa-openshift-rhel8@sha256:c01bcc09942867514495c777becea8a8eef83ec80eee838922406cb156977400_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel8@sha256:c01bcc09942867514495c777becea8a8eef83ec80eee838922406cb156977400?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel8\u0026tag=v0.1.0-49"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:c45854097cbbc184830cc41e57518afd1d93b909c5a6bf62d17cd922460f05a2_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:c45854097cbbc184830cc41e57518afd1d93b909c5a6bf62d17cd922460f05a2_amd64"
},
"product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:c45854097cbbc184830cc41e57518afd1d93b909c5a6bf62d17cd922460f05a2_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:0e167d232bdccdf71846b69631314df97660da3e3581a9a50d78a85925b47883_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:0e167d232bdccdf71846b69631314df97660da3e3581a9a50d78a85925b47883_s390x"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:0e167d232bdccdf71846b69631314df97660da3e3581a9a50d78a85925b47883_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:25e99a1b6236720d27af67885dc9977c5a57ed7223ee26e00f97a6c77697fd38_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:25e99a1b6236720d27af67885dc9977c5a57ed7223ee26e00f97a6c77697fd38_arm64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:25e99a1b6236720d27af67885dc9977c5a57ed7223ee26e00f97a6c77697fd38_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:911b3a6a531023ec51a42aad73cb56c5710344568226eada7b7332f51bca4167_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:911b3a6a531023ec51a42aad73cb56c5710344568226eada7b7332f51bca4167_amd64"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:911b3a6a531023ec51a42aad73cb56c5710344568226eada7b7332f51bca4167_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel8-operator@sha256:d740ec313b251b04c2fda54b810617d0d61c586598a72a1fff2c39b5ff2b2a23_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:d740ec313b251b04c2fda54b810617d0d61c586598a72a1fff2c39b5ff2b2a23_ppc64le"
},
"product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:d740ec313b251b04c2fda54b810617d0d61c586598a72a1fff2c39b5ff2b2a23_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-operator-bundle@sha256:071423618c82b05abb31a7697b1b0f53cf1f6174a4adcc673fd7e080a2353c2e_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:071423618c82b05abb31a7697b1b0f53cf1f6174a4adcc673fd7e080a2353c2e_amd64"
},
"product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:071423618c82b05abb31a7697b1b0f53cf1f6174a4adcc673fd7e080a2353c2e_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:00995f237bb8d4ec4fbb7643225a6ba191894f98a269daffba942e5aa1226f73_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:00995f237bb8d4ec4fbb7643225a6ba191894f98a269daffba942e5aa1226f73_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:00995f237bb8d4ec4fbb7643225a6ba191894f98a269daffba942e5aa1226f73_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:0ef99a61c41e5ba3f013ee8c3cbe3c9455f9089140f0685af4e551fc411dc1d4_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:0ef99a61c41e5ba3f013ee8c3cbe3c9455f9089140f0685af4e551fc411dc1d4_s390x"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:0ef99a61c41e5ba3f013ee8c3cbe3c9455f9089140f0685af4e551fc411dc1d4_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a799a967668e9f45f31be3ee65f2ae6e61fe6dc0b583606f9c57b54c460bb1b6_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a799a967668e9f45f31be3ee65f2ae6e61fe6dc0b583606f9c57b54c460bb1b6_amd64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a799a967668e9f45f31be3ee65f2ae6e61fe6dc0b583606f9c57b54c460bb1b6_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d6352ce2ac7178ca7730294f3dc6a2f6f6f85888e52c3621722c548dea09f9_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d6352ce2ac7178ca7730294f3dc6a2f6f6f85888e52c3621722c548dea09f9_arm64"
},
"product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d6352ce2ac7178ca7730294f3dc6a2f6f6f85888e52c3621722c548dea09f9_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:1a4555f082a0d0cb9de7b2f6ceade4201917c68949b96cd34242f60ac6b0e452_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:1a4555f082a0d0cb9de7b2f6ceade4201917c68949b96cd34242f60ac6b0e452_arm64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:1a4555f082a0d0cb9de7b2f6ceade4201917c68949b96cd34242f60ac6b0e452_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:5a654a50c82878518a0ff57cb63b0a7edb4c3019d25dd54bc99cc1c9b842722a_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:5a654a50c82878518a0ff57cb63b0a7edb4c3019d25dd54bc99cc1c9b842722a_amd64"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:5a654a50c82878518a0ff57cb63b0a7edb4c3019d25dd54bc99cc1c9b842722a_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:5f02319bf9745be1aacfee77cdefc47ff54e7567e89dba56c07b1e17e4447e8e_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:5f02319bf9745be1aacfee77cdefc47ff54e7567e89dba56c07b1e17e4447e8e_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:5f02319bf9745be1aacfee77cdefc47ff54e7567e89dba56c07b1e17e4447e8e_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch-rhel8-operator@sha256:f6395b5342fccec8414c71e49a7b8b3a0cdc6238abce4bcef97268f1fdf510ed_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f6395b5342fccec8414c71e49a7b8b3a0cdc6238abce4bcef97268f1fdf510ed_s390x"
},
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:f6395b5342fccec8414c71e49a7b8b3a0cdc6238abce4bcef97268f1fdf510ed_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:c03b5d752fd169db97532eac64c10871b865fc351536f2b4c471165534c2bf59_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c03b5d752fd169db97532eac64c10871b865fc351536f2b4c471165534c2bf59_ppc64le"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:c03b5d752fd169db97532eac64c10871b865fc351536f2b4c471165534c2bf59_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:c5f20bed7139363cc8c12fb3d38341027d3660ca1d8d1b3a74b6a2eb0d753ba9_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c5f20bed7139363cc8c12fb3d38341027d3660ca1d8d1b3a74b6a2eb0d753ba9_arm64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:c5f20bed7139363cc8c12fb3d38341027d3660ca1d8d1b3a74b6a2eb0d753ba9_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:d9a3af8383fde0e7e08c8cd6a6679507d621900fc693bd5ed432234fb9184ef2_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:d9a3af8383fde0e7e08c8cd6a6679507d621900fc693bd5ed432234fb9184ef2_amd64"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:d9a3af8383fde0e7e08c8cd6a6679507d621900fc693bd5ed432234fb9184ef2_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/elasticsearch6-rhel8@sha256:f90bbb41cab58931aab34890b507d5fa2c2ae08b6320d4b35bd367f5dabd8f50_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:f90bbb41cab58931aab34890b507d5fa2c2ae08b6320d4b35bd367f5dabd8f50_s390x"
},
"product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:f90bbb41cab58931aab34890b507d5fa2c2ae08b6320d4b35bd367f5dabd8f50_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:2da4527aa8d97669d602c7cf94373e16ee0dc2851e2303de49a919c3a85e1f41_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:2da4527aa8d97669d602c7cf94373e16ee0dc2851e2303de49a919c3a85e1f41_ppc64le"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:2da4527aa8d97669d602c7cf94373e16ee0dc2851e2303de49a919c3a85e1f41_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:50aae19f0750c0f35a905d81a758ff2c9dac6e410a3c6c0b76f9ef8ca112a64f_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:50aae19f0750c0f35a905d81a758ff2c9dac6e410a3c6c0b76f9ef8ca112a64f_s390x"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:50aae19f0750c0f35a905d81a758ff2c9dac6e410a3c6c0b76f9ef8ca112a64f_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:e59f049fac9cdbcdb695efc84d014fee9ed6d13c64ec2e8818fd619aa14dbe1d_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:e59f049fac9cdbcdb695efc84d014fee9ed6d13c64ec2e8818fd619aa14dbe1d_amd64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:e59f049fac9cdbcdb695efc84d014fee9ed6d13c64ec2e8818fd619aa14dbe1d_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel8@sha256:f861fadfefcf3e81597a33e94285603ea45e1956eb558279cee9a128012d0f59_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:f861fadfefcf3e81597a33e94285603ea45e1956eb558279cee9a128012d0f59_arm64"
},
"product_reference": "openshift-logging/eventrouter-rhel8@sha256:f861fadfefcf3e81597a33e94285603ea45e1956eb558279cee9a128012d0f59_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:5c97c94c0904b478fe8b13a5d8127c053859046105a0baf4807700c2234998d9_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:5c97c94c0904b478fe8b13a5d8127c053859046105a0baf4807700c2234998d9_amd64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:5c97c94c0904b478fe8b13a5d8127c053859046105a0baf4807700c2234998d9_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:933a3bf79972f2e5c8ba21aac1584778528dc6d090c1269fb9eb7f98bc3748e1_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:933a3bf79972f2e5c8ba21aac1584778528dc6d090c1269fb9eb7f98bc3748e1_arm64"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:933a3bf79972f2e5c8ba21aac1584778528dc6d090c1269fb9eb7f98bc3748e1_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:eb1994e66ed00564f8dfddcb7b6b3276ef4eaa798099c61b7eea6c803e329e35_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:eb1994e66ed00564f8dfddcb7b6b3276ef4eaa798099c61b7eea6c803e329e35_s390x"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:eb1994e66ed00564f8dfddcb7b6b3276ef4eaa798099c61b7eea6c803e329e35_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel8@sha256:f6b065eded5ec8c80c22a49ca37453dca681f74f8851490a178d813c77f27d62_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f6b065eded5ec8c80c22a49ca37453dca681f74f8851490a178d813c77f27d62_ppc64le"
},
"product_reference": "openshift-logging/fluentd-rhel8@sha256:f6b065eded5ec8c80c22a49ca37453dca681f74f8851490a178d813c77f27d62_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:344d9cd561f7c62c6de21d2bac7662827edd530239e5607fa1eb6d1f8ceefdea_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:344d9cd561f7c62c6de21d2bac7662827edd530239e5607fa1eb6d1f8ceefdea_amd64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:344d9cd561f7c62c6de21d2bac7662827edd530239e5607fa1eb6d1f8ceefdea_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:600e20533b2bb2f67277a19c1fc3a0732da6f01afd01e1b552535669ff88c262_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:600e20533b2bb2f67277a19c1fc3a0732da6f01afd01e1b552535669ff88c262_s390x"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:600e20533b2bb2f67277a19c1fc3a0732da6f01afd01e1b552535669ff88c262_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:7599a21ef8a5f6867cfc3f9a2a4126847b10060480469a6b91882b97905b0cad_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:7599a21ef8a5f6867cfc3f9a2a4126847b10060480469a6b91882b97905b0cad_arm64"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:7599a21ef8a5f6867cfc3f9a2a4126847b10060480469a6b91882b97905b0cad_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/kibana6-rhel8@sha256:d038bb1cb036a12405fd72590ad862a639189117d5876a82c866839907e35f73_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:d038bb1cb036a12405fd72590ad862a639189117d5876a82c866839907e35f73_ppc64le"
},
"product_reference": "openshift-logging/kibana6-rhel8@sha256:d038bb1cb036a12405fd72590ad862a639189117d5876a82c866839907e35f73_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:099dcd31bd02a8608bf9aa62343f4bcb728c02c4ba3628e705258b1c2fabe580_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:099dcd31bd02a8608bf9aa62343f4bcb728c02c4ba3628e705258b1c2fabe580_arm64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:099dcd31bd02a8608bf9aa62343f4bcb728c02c4ba3628e705258b1c2fabe580_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90e25734d33a06ef98524c90109eec153ccc6b3ac8f7b7c34214280058bb4c76_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:90e25734d33a06ef98524c90109eec153ccc6b3ac8f7b7c34214280058bb4c76_ppc64le"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:90e25734d33a06ef98524c90109eec153ccc6b3ac8f7b7c34214280058bb4c76_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ced75e473f009c273c7ba9a38bc4a6d6b92eb5e9f561ea1de7abb81ffa207a91_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:ced75e473f009c273c7ba9a38bc4a6d6b92eb5e9f561ea1de7abb81ffa207a91_amd64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ced75e473f009c273c7ba9a38bc4a6d6b92eb5e9f561ea1de7abb81ffa207a91_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ee32b20430cd06c9bcd9349e3f1e8282e9e9a616fb398604b3717f73e6aaab91_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:ee32b20430cd06c9bcd9349e3f1e8282e9e9a616fb398604b3717f73e6aaab91_s390x"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:ee32b20430cd06c9bcd9349e3f1e8282e9e9a616fb398604b3717f73e6aaab91_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:5746793b1fec9ffe6a077ba726018617e1b4e766f03b4ccef5dd3f505b3dda2f_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:5746793b1fec9ffe6a077ba726018617e1b4e766f03b4ccef5dd3f505b3dda2f_arm64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:5746793b1fec9ffe6a077ba726018617e1b4e766f03b4ccef5dd3f505b3dda2f_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:64bea63dcaac7b40510055f4162b435a3f8088fa1a5fa47028cae7ee04cf4e37_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:64bea63dcaac7b40510055f4162b435a3f8088fa1a5fa47028cae7ee04cf4e37_ppc64le"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:64bea63dcaac7b40510055f4162b435a3f8088fa1a5fa47028cae7ee04cf4e37_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:92fb27a1aa2b1be0cc5549bc97242f7f05d090e8ba6308f49eb399b742eed3fc_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:92fb27a1aa2b1be0cc5549bc97242f7f05d090e8ba6308f49eb399b742eed3fc_amd64"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:92fb27a1aa2b1be0cc5549bc97242f7f05d090e8ba6308f49eb399b742eed3fc_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-curator5-rhel8@sha256:d0ad7c6e936658598cef688422e3315e85c8627c49f8449ef48fe1b1602cfa29_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:d0ad7c6e936658598cef688422e3315e85c8627c49f8449ef48fe1b1602cfa29_s390x"
},
"product_reference": "openshift-logging/logging-curator5-rhel8@sha256:d0ad7c6e936658598cef688422e3315e85c8627c49f8449ef48fe1b1602cfa29_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:63c6ea77362370dd1a60c8d654a96bcbf488f5681445a3fc3f9dbe95d2924a5c_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:63c6ea77362370dd1a60c8d654a96bcbf488f5681445a3fc3f9dbe95d2924a5c_s390x"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:63c6ea77362370dd1a60c8d654a96bcbf488f5681445a3fc3f9dbe95d2924a5c_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:82c7bf1ee3dc2be95909defbf53292155980d420baf513595739a9391b6c4e19_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:82c7bf1ee3dc2be95909defbf53292155980d420baf513595739a9391b6c4e19_amd64"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:82c7bf1ee3dc2be95909defbf53292155980d420baf513595739a9391b6c4e19_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:d6c72b1be0243d91713ad5066a74722172d408cd94256bd61f613c9f61cb9030_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:d6c72b1be0243d91713ad5066a74722172d408cd94256bd61f613c9f61cb9030_ppc64le"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:d6c72b1be0243d91713ad5066a74722172d408cd94256bd61f613c9f61cb9030_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel8@sha256:fee87f3de6d9bb44b0436f1fe6c706f7bf1ab7685d1ab00333939a8432492b31_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:fee87f3de6d9bb44b0436f1fe6c706f7bf1ab7685d1ab00333939a8432492b31_arm64"
},
"product_reference": "openshift-logging/logging-loki-rhel8@sha256:fee87f3de6d9bb44b0436f1fe6c706f7bf1ab7685d1ab00333939a8432492b31_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:0cd5fe2598a0ea587e07d006ee4e8367e146cbc5ac2409e62b51d0d2eabcd9e7_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:0cd5fe2598a0ea587e07d006ee4e8367e146cbc5ac2409e62b51d0d2eabcd9e7_ppc64le"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:0cd5fe2598a0ea587e07d006ee4e8367e146cbc5ac2409e62b51d0d2eabcd9e7_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:4c4b0f10ea3d7eff3f2f6ee81963be829be283ba82e164c553d14f81905156cb_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:4c4b0f10ea3d7eff3f2f6ee81963be829be283ba82e164c553d14f81905156cb_s390x"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:4c4b0f10ea3d7eff3f2f6ee81963be829be283ba82e164c553d14f81905156cb_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:592a51ddcf3546502cc21b82be6e3011c20c59ea3740431018b30907ee11e4ac_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:592a51ddcf3546502cc21b82be6e3011c20c59ea3740431018b30907ee11e4ac_amd64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:592a51ddcf3546502cc21b82be6e3011c20c59ea3740431018b30907ee11e4ac_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel8@sha256:b6bc0ab4ab8f31f81d7c5340918e69cad182b0a5e0669ef45f74f8810b1209f4_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:b6bc0ab4ab8f31f81d7c5340918e69cad182b0a5e0669ef45f74f8810b1209f4_arm64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel8@sha256:b6bc0ab4ab8f31f81d7c5340918e69cad182b0a5e0669ef45f74f8810b1209f4_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-operator-bundle@sha256:2e1df5346272bcfa8b8d0280df69fa648a0d16516d0b2addb3a12ec14906f4d0_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:2e1df5346272bcfa8b8d0280df69fa648a0d16516d0b2addb3a12ec14906f4d0_amd64"
},
"product_reference": "openshift-logging/loki-operator-bundle@sha256:2e1df5346272bcfa8b8d0280df69fa648a0d16516d0b2addb3a12ec14906f4d0_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:03f1cf4cb1eea8dd60eec55b92cefcd3fe9d2194eec1145d693daff66092dee5_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:03f1cf4cb1eea8dd60eec55b92cefcd3fe9d2194eec1145d693daff66092dee5_s390x"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:03f1cf4cb1eea8dd60eec55b92cefcd3fe9d2194eec1145d693daff66092dee5_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:098747d5fb20f9d871a62f04714a1a2d85561d9f09dd4e0c6733cf9062df80e1_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:098747d5fb20f9d871a62f04714a1a2d85561d9f09dd4e0c6733cf9062df80e1_ppc64le"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:098747d5fb20f9d871a62f04714a1a2d85561d9f09dd4e0c6733cf9062df80e1_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:16ddb250e456115e193392a08d322247ff0c8907e36abceab95b06d45b14b932_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:16ddb250e456115e193392a08d322247ff0c8907e36abceab95b06d45b14b932_arm64"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:16ddb250e456115e193392a08d322247ff0c8907e36abceab95b06d45b14b932_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel8-operator@sha256:6fe90266c58241180f8548354586b2647146568579687935acc8dd240611872d_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6fe90266c58241180f8548354586b2647146568579687935acc8dd240611872d_amd64"
},
"product_reference": "openshift-logging/loki-rhel8-operator@sha256:6fe90266c58241180f8548354586b2647146568579687935acc8dd240611872d_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:8118e813acde448251ee6a0e66d36e028f996f2e86f5ad6ba1a2699b04a94be0_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:8118e813acde448251ee6a0e66d36e028f996f2e86f5ad6ba1a2699b04a94be0_amd64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:8118e813acde448251ee6a0e66d36e028f996f2e86f5ad6ba1a2699b04a94be0_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:967d139924314bd44373058ff26ceda4193223936f2528712d3144aeb4785704_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:967d139924314bd44373058ff26ceda4193223936f2528712d3144aeb4785704_arm64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:967d139924314bd44373058ff26ceda4193223936f2528712d3144aeb4785704_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:c20dd71f574381c20abd76ab30c43bf92af0560bedb51fd7c3a6585f047d30ff_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:c20dd71f574381c20abd76ab30c43bf92af0560bedb51fd7c3a6585f047d30ff_ppc64le"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:c20dd71f574381c20abd76ab30c43bf92af0560bedb51fd7c3a6585f047d30ff_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel8@sha256:e089e8dd44785e6b54296f26c2ea3740841d0b024fc38283c372e3237734f07e_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:e089e8dd44785e6b54296f26c2ea3740841d0b024fc38283c372e3237734f07e_s390x"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel8@sha256:e089e8dd44785e6b54296f26c2ea3740841d0b024fc38283c372e3237734f07e_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:077381bfe6d494aacedfe9ea21398ef4a6f0c3c9e77f7aac84070450bc361de7_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:077381bfe6d494aacedfe9ea21398ef4a6f0c3c9e77f7aac84070450bc361de7_ppc64le"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:077381bfe6d494aacedfe9ea21398ef4a6f0c3c9e77f7aac84070450bc361de7_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:9d4b4276b923b60782d03d04d65bd290e5f92f201e6c4d9baad08e9eb32561e1_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:9d4b4276b923b60782d03d04d65bd290e5f92f201e6c4d9baad08e9eb32561e1_s390x"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:9d4b4276b923b60782d03d04d65bd290e5f92f201e6c4d9baad08e9eb32561e1_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:a7e6a512ed9cde3ffb8c6214e3c8b697b175d9fe5aaa90ef17fe02cc3144c1a8_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:a7e6a512ed9cde3ffb8c6214e3c8b697b175d9fe5aaa90ef17fe02cc3144c1a8_arm64"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:a7e6a512ed9cde3ffb8c6214e3c8b697b175d9fe5aaa90ef17fe02cc3144c1a8_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel8@sha256:c01bcc09942867514495c777becea8a8eef83ec80eee838922406cb156977400_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:c01bcc09942867514495c777becea8a8eef83ec80eee838922406cb156977400_amd64"
},
"product_reference": "openshift-logging/opa-openshift-rhel8@sha256:c01bcc09942867514495c777becea8a8eef83ec80eee838922406cb156977400_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:2289ca68a0a07e537defe02132f6c0efa98368f0fc6fa44fcb75793e788a4c62_arm64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:2289ca68a0a07e537defe02132f6c0efa98368f0fc6fa44fcb75793e788a4c62_arm64"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:2289ca68a0a07e537defe02132f6c0efa98368f0fc6fa44fcb75793e788a4c62_arm64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:bb1285348400b3284ac6fa3e98664dfa7303ccc369afe7930c238be3880a87c6_s390x as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:bb1285348400b3284ac6fa3e98664dfa7303ccc369afe7930c238be3880a87c6_s390x"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:bb1285348400b3284ac6fa3e98664dfa7303ccc369afe7930c238be3880a87c6_s390x",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:bb7dcd344560e3b4c4dad7cc64aa42a8d4388fc5b24cf48fca40543cecbd4dc0_amd64 as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:bb7dcd344560e3b4c4dad7cc64aa42a8d4388fc5b24cf48fca40543cecbd4dc0_amd64"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:bb7dcd344560e3b4c4dad7cc64aa42a8d4388fc5b24cf48fca40543cecbd4dc0_amd64",
"relates_to_product_reference": "8Base-RHOL-5.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel8@sha256:f3ac64bb95781e0c4bb712accd6ce0949c6dbf653f177571a42f85841bc28ffb_ppc64le as a component of RHOL 5.6 for RHEL 8",
"product_id": "8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:f3ac64bb95781e0c4bb712accd6ce0949c6dbf653f177571a42f85841bc28ffb_ppc64le"
},
"product_reference": "openshift-logging/vector-rhel8@sha256:f3ac64bb95781e0c4bb712accd6ce0949c6dbf653f177571a42f85841bc28ffb_ppc64le",
"relates_to_product_reference": "8Base-RHOL-5.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-12-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:c45854097cbbc184830cc41e57518afd1d93b909c5a6bf62d17cd922460f05a2_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:0e167d232bdccdf71846b69631314df97660da3e3581a9a50d78a85925b47883_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:25e99a1b6236720d27af67885dc9977c5a57ed7223ee26e00f97a6c77697fd38_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:911b3a6a531023ec51a42aad73cb56c5710344568226eada7b7332f51bca4167_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:d740ec313b251b04c2fda54b810617d0d61c586598a72a1fff2c39b5ff2b2a23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:071423618c82b05abb31a7697b1b0f53cf1f6174a4adcc673fd7e080a2353c2e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:00995f237bb8d4ec4fbb7643225a6ba191894f98a269daffba942e5aa1226f73_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:0ef99a61c41e5ba3f013ee8c3cbe3c9455f9089140f0685af4e551fc411dc1d4_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a799a967668e9f45f31be3ee65f2ae6e61fe6dc0b583606f9c57b54c460bb1b6_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d6352ce2ac7178ca7730294f3dc6a2f6f6f85888e52c3621722c548dea09f9_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:1a4555f082a0d0cb9de7b2f6ceade4201917c68949b96cd34242f60ac6b0e452_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:5a654a50c82878518a0ff57cb63b0a7edb4c3019d25dd54bc99cc1c9b842722a_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:5f02319bf9745be1aacfee77cdefc47ff54e7567e89dba56c07b1e17e4447e8e_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f6395b5342fccec8414c71e49a7b8b3a0cdc6238abce4bcef97268f1fdf510ed_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c03b5d752fd169db97532eac64c10871b865fc351536f2b4c471165534c2bf59_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c5f20bed7139363cc8c12fb3d38341027d3660ca1d8d1b3a74b6a2eb0d753ba9_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:d9a3af8383fde0e7e08c8cd6a6679507d621900fc693bd5ed432234fb9184ef2_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:f90bbb41cab58931aab34890b507d5fa2c2ae08b6320d4b35bd367f5dabd8f50_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:2da4527aa8d97669d602c7cf94373e16ee0dc2851e2303de49a919c3a85e1f41_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:50aae19f0750c0f35a905d81a758ff2c9dac6e410a3c6c0b76f9ef8ca112a64f_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:e59f049fac9cdbcdb695efc84d014fee9ed6d13c64ec2e8818fd619aa14dbe1d_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:f861fadfefcf3e81597a33e94285603ea45e1956eb558279cee9a128012d0f59_arm64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:5c97c94c0904b478fe8b13a5d8127c053859046105a0baf4807700c2234998d9_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:933a3bf79972f2e5c8ba21aac1584778528dc6d090c1269fb9eb7f98bc3748e1_arm64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:eb1994e66ed00564f8dfddcb7b6b3276ef4eaa798099c61b7eea6c803e329e35_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f6b065eded5ec8c80c22a49ca37453dca681f74f8851490a178d813c77f27d62_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:344d9cd561f7c62c6de21d2bac7662827edd530239e5607fa1eb6d1f8ceefdea_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:600e20533b2bb2f67277a19c1fc3a0732da6f01afd01e1b552535669ff88c262_s390x",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:7599a21ef8a5f6867cfc3f9a2a4126847b10060480469a6b91882b97905b0cad_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:d038bb1cb036a12405fd72590ad862a639189117d5876a82c866839907e35f73_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:099dcd31bd02a8608bf9aa62343f4bcb728c02c4ba3628e705258b1c2fabe580_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:90e25734d33a06ef98524c90109eec153ccc6b3ac8f7b7c34214280058bb4c76_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:ced75e473f009c273c7ba9a38bc4a6d6b92eb5e9f561ea1de7abb81ffa207a91_amd64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:ee32b20430cd06c9bcd9349e3f1e8282e9e9a616fb398604b3717f73e6aaab91_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:5746793b1fec9ffe6a077ba726018617e1b4e766f03b4ccef5dd3f505b3dda2f_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:64bea63dcaac7b40510055f4162b435a3f8088fa1a5fa47028cae7ee04cf4e37_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:92fb27a1aa2b1be0cc5549bc97242f7f05d090e8ba6308f49eb399b742eed3fc_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:d0ad7c6e936658598cef688422e3315e85c8627c49f8449ef48fe1b1602cfa29_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:63c6ea77362370dd1a60c8d654a96bcbf488f5681445a3fc3f9dbe95d2924a5c_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:82c7bf1ee3dc2be95909defbf53292155980d420baf513595739a9391b6c4e19_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:d6c72b1be0243d91713ad5066a74722172d408cd94256bd61f613c9f61cb9030_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:fee87f3de6d9bb44b0436f1fe6c706f7bf1ab7685d1ab00333939a8432492b31_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:2e1df5346272bcfa8b8d0280df69fa648a0d16516d0b2addb3a12ec14906f4d0_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:03f1cf4cb1eea8dd60eec55b92cefcd3fe9d2194eec1145d693daff66092dee5_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:098747d5fb20f9d871a62f04714a1a2d85561d9f09dd4e0c6733cf9062df80e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:16ddb250e456115e193392a08d322247ff0c8907e36abceab95b06d45b14b932_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6fe90266c58241180f8548354586b2647146568579687935acc8dd240611872d_amd64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:8118e813acde448251ee6a0e66d36e028f996f2e86f5ad6ba1a2699b04a94be0_amd64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:967d139924314bd44373058ff26ceda4193223936f2528712d3144aeb4785704_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:c20dd71f574381c20abd76ab30c43bf92af0560bedb51fd7c3a6585f047d30ff_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:e089e8dd44785e6b54296f26c2ea3740841d0b024fc38283c372e3237734f07e_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:077381bfe6d494aacedfe9ea21398ef4a6f0c3c9e77f7aac84070450bc361de7_ppc64le",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:9d4b4276b923b60782d03d04d65bd290e5f92f201e6c4d9baad08e9eb32561e1_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:a7e6a512ed9cde3ffb8c6214e3c8b697b175d9fe5aaa90ef17fe02cc3144c1a8_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:c01bcc09942867514495c777becea8a8eef83ec80eee838922406cb156977400_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:2289ca68a0a07e537defe02132f6c0efa98368f0fc6fa44fcb75793e788a4c62_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:bb1285348400b3284ac6fa3e98664dfa7303ccc369afe7930c238be3880a87c6_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:bb7dcd344560e3b4c4dad7cc64aa42a8d4388fc5b24cf48fca40543cecbd4dc0_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:f3ac64bb95781e0c4bb712accd6ce0949c6dbf653f177571a42f85841bc28ffb_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150323"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: \"qs\" prototype poisoning causes the hang of the node process",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:0cd5fe2598a0ea587e07d006ee4e8367e146cbc5ac2409e62b51d0d2eabcd9e7_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:4c4b0f10ea3d7eff3f2f6ee81963be829be283ba82e164c553d14f81905156cb_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:592a51ddcf3546502cc21b82be6e3011c20c59ea3740431018b30907ee11e4ac_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:b6bc0ab4ab8f31f81d7c5340918e69cad182b0a5e0669ef45f74f8810b1209f4_arm64"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:c45854097cbbc184830cc41e57518afd1d93b909c5a6bf62d17cd922460f05a2_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:0e167d232bdccdf71846b69631314df97660da3e3581a9a50d78a85925b47883_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:25e99a1b6236720d27af67885dc9977c5a57ed7223ee26e00f97a6c77697fd38_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:911b3a6a531023ec51a42aad73cb56c5710344568226eada7b7332f51bca4167_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:d740ec313b251b04c2fda54b810617d0d61c586598a72a1fff2c39b5ff2b2a23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:071423618c82b05abb31a7697b1b0f53cf1f6174a4adcc673fd7e080a2353c2e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:00995f237bb8d4ec4fbb7643225a6ba191894f98a269daffba942e5aa1226f73_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:0ef99a61c41e5ba3f013ee8c3cbe3c9455f9089140f0685af4e551fc411dc1d4_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a799a967668e9f45f31be3ee65f2ae6e61fe6dc0b583606f9c57b54c460bb1b6_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d6352ce2ac7178ca7730294f3dc6a2f6f6f85888e52c3621722c548dea09f9_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:1a4555f082a0d0cb9de7b2f6ceade4201917c68949b96cd34242f60ac6b0e452_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:5a654a50c82878518a0ff57cb63b0a7edb4c3019d25dd54bc99cc1c9b842722a_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:5f02319bf9745be1aacfee77cdefc47ff54e7567e89dba56c07b1e17e4447e8e_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f6395b5342fccec8414c71e49a7b8b3a0cdc6238abce4bcef97268f1fdf510ed_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c03b5d752fd169db97532eac64c10871b865fc351536f2b4c471165534c2bf59_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c5f20bed7139363cc8c12fb3d38341027d3660ca1d8d1b3a74b6a2eb0d753ba9_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:d9a3af8383fde0e7e08c8cd6a6679507d621900fc693bd5ed432234fb9184ef2_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:f90bbb41cab58931aab34890b507d5fa2c2ae08b6320d4b35bd367f5dabd8f50_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:2da4527aa8d97669d602c7cf94373e16ee0dc2851e2303de49a919c3a85e1f41_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:50aae19f0750c0f35a905d81a758ff2c9dac6e410a3c6c0b76f9ef8ca112a64f_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:e59f049fac9cdbcdb695efc84d014fee9ed6d13c64ec2e8818fd619aa14dbe1d_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:f861fadfefcf3e81597a33e94285603ea45e1956eb558279cee9a128012d0f59_arm64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:5c97c94c0904b478fe8b13a5d8127c053859046105a0baf4807700c2234998d9_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:933a3bf79972f2e5c8ba21aac1584778528dc6d090c1269fb9eb7f98bc3748e1_arm64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:eb1994e66ed00564f8dfddcb7b6b3276ef4eaa798099c61b7eea6c803e329e35_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f6b065eded5ec8c80c22a49ca37453dca681f74f8851490a178d813c77f27d62_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:344d9cd561f7c62c6de21d2bac7662827edd530239e5607fa1eb6d1f8ceefdea_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:600e20533b2bb2f67277a19c1fc3a0732da6f01afd01e1b552535669ff88c262_s390x",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:7599a21ef8a5f6867cfc3f9a2a4126847b10060480469a6b91882b97905b0cad_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:d038bb1cb036a12405fd72590ad862a639189117d5876a82c866839907e35f73_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:099dcd31bd02a8608bf9aa62343f4bcb728c02c4ba3628e705258b1c2fabe580_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:90e25734d33a06ef98524c90109eec153ccc6b3ac8f7b7c34214280058bb4c76_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:ced75e473f009c273c7ba9a38bc4a6d6b92eb5e9f561ea1de7abb81ffa207a91_amd64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:ee32b20430cd06c9bcd9349e3f1e8282e9e9a616fb398604b3717f73e6aaab91_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:5746793b1fec9ffe6a077ba726018617e1b4e766f03b4ccef5dd3f505b3dda2f_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:64bea63dcaac7b40510055f4162b435a3f8088fa1a5fa47028cae7ee04cf4e37_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:92fb27a1aa2b1be0cc5549bc97242f7f05d090e8ba6308f49eb399b742eed3fc_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:d0ad7c6e936658598cef688422e3315e85c8627c49f8449ef48fe1b1602cfa29_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:63c6ea77362370dd1a60c8d654a96bcbf488f5681445a3fc3f9dbe95d2924a5c_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:82c7bf1ee3dc2be95909defbf53292155980d420baf513595739a9391b6c4e19_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:d6c72b1be0243d91713ad5066a74722172d408cd94256bd61f613c9f61cb9030_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:fee87f3de6d9bb44b0436f1fe6c706f7bf1ab7685d1ab00333939a8432492b31_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:2e1df5346272bcfa8b8d0280df69fa648a0d16516d0b2addb3a12ec14906f4d0_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:03f1cf4cb1eea8dd60eec55b92cefcd3fe9d2194eec1145d693daff66092dee5_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:098747d5fb20f9d871a62f04714a1a2d85561d9f09dd4e0c6733cf9062df80e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:16ddb250e456115e193392a08d322247ff0c8907e36abceab95b06d45b14b932_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6fe90266c58241180f8548354586b2647146568579687935acc8dd240611872d_amd64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:8118e813acde448251ee6a0e66d36e028f996f2e86f5ad6ba1a2699b04a94be0_amd64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:967d139924314bd44373058ff26ceda4193223936f2528712d3144aeb4785704_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:c20dd71f574381c20abd76ab30c43bf92af0560bedb51fd7c3a6585f047d30ff_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:e089e8dd44785e6b54296f26c2ea3740841d0b024fc38283c372e3237734f07e_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:077381bfe6d494aacedfe9ea21398ef4a6f0c3c9e77f7aac84070450bc361de7_ppc64le",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:9d4b4276b923b60782d03d04d65bd290e5f92f201e6c4d9baad08e9eb32561e1_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:a7e6a512ed9cde3ffb8c6214e3c8b697b175d9fe5aaa90ef17fe02cc3144c1a8_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:c01bcc09942867514495c777becea8a8eef83ec80eee838922406cb156977400_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:2289ca68a0a07e537defe02132f6c0efa98368f0fc6fa44fcb75793e788a4c62_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:bb1285348400b3284ac6fa3e98664dfa7303ccc369afe7930c238be3880a87c6_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:bb7dcd344560e3b4c4dad7cc64aa42a8d4388fc5b24cf48fca40543cecbd4dc0_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:f3ac64bb95781e0c4bb712accd6ce0949c6dbf653f177571a42f85841bc28ffb_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24999"
},
{
"category": "external",
"summary": "RHBZ#2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/releases/tag/4.17.3",
"url": "https://github.com/expressjs/express/releases/tag/4.17.3"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/pull/428",
"url": "https://github.com/ljharb/qs/pull/428"
},
{
"category": "external",
"summary": "https://github.com/n8tz/CVE-2022-24999",
"url": "https://github.com/n8tz/CVE-2022-24999"
}
],
"release_date": "2022-11-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-08T14:06:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:0cd5fe2598a0ea587e07d006ee4e8367e146cbc5ac2409e62b51d0d2eabcd9e7_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:4c4b0f10ea3d7eff3f2f6ee81963be829be283ba82e164c553d14f81905156cb_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:592a51ddcf3546502cc21b82be6e3011c20c59ea3740431018b30907ee11e4ac_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:b6bc0ab4ab8f31f81d7c5340918e69cad182b0a5e0669ef45f74f8810b1209f4_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0932"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:c45854097cbbc184830cc41e57518afd1d93b909c5a6bf62d17cd922460f05a2_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:0e167d232bdccdf71846b69631314df97660da3e3581a9a50d78a85925b47883_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:25e99a1b6236720d27af67885dc9977c5a57ed7223ee26e00f97a6c77697fd38_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:911b3a6a531023ec51a42aad73cb56c5710344568226eada7b7332f51bca4167_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:d740ec313b251b04c2fda54b810617d0d61c586598a72a1fff2c39b5ff2b2a23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:071423618c82b05abb31a7697b1b0f53cf1f6174a4adcc673fd7e080a2353c2e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:00995f237bb8d4ec4fbb7643225a6ba191894f98a269daffba942e5aa1226f73_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:0ef99a61c41e5ba3f013ee8c3cbe3c9455f9089140f0685af4e551fc411dc1d4_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a799a967668e9f45f31be3ee65f2ae6e61fe6dc0b583606f9c57b54c460bb1b6_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d6352ce2ac7178ca7730294f3dc6a2f6f6f85888e52c3621722c548dea09f9_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:1a4555f082a0d0cb9de7b2f6ceade4201917c68949b96cd34242f60ac6b0e452_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:5a654a50c82878518a0ff57cb63b0a7edb4c3019d25dd54bc99cc1c9b842722a_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:5f02319bf9745be1aacfee77cdefc47ff54e7567e89dba56c07b1e17e4447e8e_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f6395b5342fccec8414c71e49a7b8b3a0cdc6238abce4bcef97268f1fdf510ed_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c03b5d752fd169db97532eac64c10871b865fc351536f2b4c471165534c2bf59_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c5f20bed7139363cc8c12fb3d38341027d3660ca1d8d1b3a74b6a2eb0d753ba9_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:d9a3af8383fde0e7e08c8cd6a6679507d621900fc693bd5ed432234fb9184ef2_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:f90bbb41cab58931aab34890b507d5fa2c2ae08b6320d4b35bd367f5dabd8f50_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:2da4527aa8d97669d602c7cf94373e16ee0dc2851e2303de49a919c3a85e1f41_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:50aae19f0750c0f35a905d81a758ff2c9dac6e410a3c6c0b76f9ef8ca112a64f_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:e59f049fac9cdbcdb695efc84d014fee9ed6d13c64ec2e8818fd619aa14dbe1d_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:f861fadfefcf3e81597a33e94285603ea45e1956eb558279cee9a128012d0f59_arm64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:5c97c94c0904b478fe8b13a5d8127c053859046105a0baf4807700c2234998d9_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:933a3bf79972f2e5c8ba21aac1584778528dc6d090c1269fb9eb7f98bc3748e1_arm64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:eb1994e66ed00564f8dfddcb7b6b3276ef4eaa798099c61b7eea6c803e329e35_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f6b065eded5ec8c80c22a49ca37453dca681f74f8851490a178d813c77f27d62_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:344d9cd561f7c62c6de21d2bac7662827edd530239e5607fa1eb6d1f8ceefdea_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:600e20533b2bb2f67277a19c1fc3a0732da6f01afd01e1b552535669ff88c262_s390x",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:7599a21ef8a5f6867cfc3f9a2a4126847b10060480469a6b91882b97905b0cad_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:d038bb1cb036a12405fd72590ad862a639189117d5876a82c866839907e35f73_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:099dcd31bd02a8608bf9aa62343f4bcb728c02c4ba3628e705258b1c2fabe580_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:90e25734d33a06ef98524c90109eec153ccc6b3ac8f7b7c34214280058bb4c76_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:ced75e473f009c273c7ba9a38bc4a6d6b92eb5e9f561ea1de7abb81ffa207a91_amd64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:ee32b20430cd06c9bcd9349e3f1e8282e9e9a616fb398604b3717f73e6aaab91_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:5746793b1fec9ffe6a077ba726018617e1b4e766f03b4ccef5dd3f505b3dda2f_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:64bea63dcaac7b40510055f4162b435a3f8088fa1a5fa47028cae7ee04cf4e37_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:92fb27a1aa2b1be0cc5549bc97242f7f05d090e8ba6308f49eb399b742eed3fc_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:d0ad7c6e936658598cef688422e3315e85c8627c49f8449ef48fe1b1602cfa29_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:63c6ea77362370dd1a60c8d654a96bcbf488f5681445a3fc3f9dbe95d2924a5c_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:82c7bf1ee3dc2be95909defbf53292155980d420baf513595739a9391b6c4e19_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:d6c72b1be0243d91713ad5066a74722172d408cd94256bd61f613c9f61cb9030_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:fee87f3de6d9bb44b0436f1fe6c706f7bf1ab7685d1ab00333939a8432492b31_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:0cd5fe2598a0ea587e07d006ee4e8367e146cbc5ac2409e62b51d0d2eabcd9e7_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:4c4b0f10ea3d7eff3f2f6ee81963be829be283ba82e164c553d14f81905156cb_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:592a51ddcf3546502cc21b82be6e3011c20c59ea3740431018b30907ee11e4ac_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:b6bc0ab4ab8f31f81d7c5340918e69cad182b0a5e0669ef45f74f8810b1209f4_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:2e1df5346272bcfa8b8d0280df69fa648a0d16516d0b2addb3a12ec14906f4d0_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:03f1cf4cb1eea8dd60eec55b92cefcd3fe9d2194eec1145d693daff66092dee5_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:098747d5fb20f9d871a62f04714a1a2d85561d9f09dd4e0c6733cf9062df80e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:16ddb250e456115e193392a08d322247ff0c8907e36abceab95b06d45b14b932_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6fe90266c58241180f8548354586b2647146568579687935acc8dd240611872d_amd64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:8118e813acde448251ee6a0e66d36e028f996f2e86f5ad6ba1a2699b04a94be0_amd64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:967d139924314bd44373058ff26ceda4193223936f2528712d3144aeb4785704_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:c20dd71f574381c20abd76ab30c43bf92af0560bedb51fd7c3a6585f047d30ff_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:e089e8dd44785e6b54296f26c2ea3740841d0b024fc38283c372e3237734f07e_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:077381bfe6d494aacedfe9ea21398ef4a6f0c3c9e77f7aac84070450bc361de7_ppc64le",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:9d4b4276b923b60782d03d04d65bd290e5f92f201e6c4d9baad08e9eb32561e1_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:a7e6a512ed9cde3ffb8c6214e3c8b697b175d9fe5aaa90ef17fe02cc3144c1a8_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:c01bcc09942867514495c777becea8a8eef83ec80eee838922406cb156977400_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:2289ca68a0a07e537defe02132f6c0efa98368f0fc6fa44fcb75793e788a4c62_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:bb1285348400b3284ac6fa3e98664dfa7303ccc369afe7930c238be3880a87c6_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:bb7dcd344560e3b4c4dad7cc64aa42a8d4388fc5b24cf48fca40543cecbd4dc0_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:f3ac64bb95781e0c4bb712accd6ce0949c6dbf653f177571a42f85841bc28ffb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: \"qs\" prototype poisoning causes the hang of the node process"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:c45854097cbbc184830cc41e57518afd1d93b909c5a6bf62d17cd922460f05a2_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:071423618c82b05abb31a7697b1b0f53cf1f6174a4adcc673fd7e080a2353c2e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:00995f237bb8d4ec4fbb7643225a6ba191894f98a269daffba942e5aa1226f73_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:0ef99a61c41e5ba3f013ee8c3cbe3c9455f9089140f0685af4e551fc411dc1d4_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a799a967668e9f45f31be3ee65f2ae6e61fe6dc0b583606f9c57b54c460bb1b6_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d6352ce2ac7178ca7730294f3dc6a2f6f6f85888e52c3621722c548dea09f9_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:1a4555f082a0d0cb9de7b2f6ceade4201917c68949b96cd34242f60ac6b0e452_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:5a654a50c82878518a0ff57cb63b0a7edb4c3019d25dd54bc99cc1c9b842722a_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:5f02319bf9745be1aacfee77cdefc47ff54e7567e89dba56c07b1e17e4447e8e_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f6395b5342fccec8414c71e49a7b8b3a0cdc6238abce4bcef97268f1fdf510ed_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c03b5d752fd169db97532eac64c10871b865fc351536f2b4c471165534c2bf59_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c5f20bed7139363cc8c12fb3d38341027d3660ca1d8d1b3a74b6a2eb0d753ba9_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:d9a3af8383fde0e7e08c8cd6a6679507d621900fc693bd5ed432234fb9184ef2_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:f90bbb41cab58931aab34890b507d5fa2c2ae08b6320d4b35bd367f5dabd8f50_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:5c97c94c0904b478fe8b13a5d8127c053859046105a0baf4807700c2234998d9_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:933a3bf79972f2e5c8ba21aac1584778528dc6d090c1269fb9eb7f98bc3748e1_arm64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:eb1994e66ed00564f8dfddcb7b6b3276ef4eaa798099c61b7eea6c803e329e35_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f6b065eded5ec8c80c22a49ca37453dca681f74f8851490a178d813c77f27d62_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:344d9cd561f7c62c6de21d2bac7662827edd530239e5607fa1eb6d1f8ceefdea_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:600e20533b2bb2f67277a19c1fc3a0732da6f01afd01e1b552535669ff88c262_s390x",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:7599a21ef8a5f6867cfc3f9a2a4126847b10060480469a6b91882b97905b0cad_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:d038bb1cb036a12405fd72590ad862a639189117d5876a82c866839907e35f73_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:099dcd31bd02a8608bf9aa62343f4bcb728c02c4ba3628e705258b1c2fabe580_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:90e25734d33a06ef98524c90109eec153ccc6b3ac8f7b7c34214280058bb4c76_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:ced75e473f009c273c7ba9a38bc4a6d6b92eb5e9f561ea1de7abb81ffa207a91_amd64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:ee32b20430cd06c9bcd9349e3f1e8282e9e9a616fb398604b3717f73e6aaab91_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:5746793b1fec9ffe6a077ba726018617e1b4e766f03b4ccef5dd3f505b3dda2f_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:64bea63dcaac7b40510055f4162b435a3f8088fa1a5fa47028cae7ee04cf4e37_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:92fb27a1aa2b1be0cc5549bc97242f7f05d090e8ba6308f49eb399b742eed3fc_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:d0ad7c6e936658598cef688422e3315e85c8627c49f8449ef48fe1b1602cfa29_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:63c6ea77362370dd1a60c8d654a96bcbf488f5681445a3fc3f9dbe95d2924a5c_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:82c7bf1ee3dc2be95909defbf53292155980d420baf513595739a9391b6c4e19_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:d6c72b1be0243d91713ad5066a74722172d408cd94256bd61f613c9f61cb9030_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:fee87f3de6d9bb44b0436f1fe6c706f7bf1ab7685d1ab00333939a8432492b31_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:0cd5fe2598a0ea587e07d006ee4e8367e146cbc5ac2409e62b51d0d2eabcd9e7_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:4c4b0f10ea3d7eff3f2f6ee81963be829be283ba82e164c553d14f81905156cb_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:592a51ddcf3546502cc21b82be6e3011c20c59ea3740431018b30907ee11e4ac_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:b6bc0ab4ab8f31f81d7c5340918e69cad182b0a5e0669ef45f74f8810b1209f4_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:2e1df5346272bcfa8b8d0280df69fa648a0d16516d0b2addb3a12ec14906f4d0_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:03f1cf4cb1eea8dd60eec55b92cefcd3fe9d2194eec1145d693daff66092dee5_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:098747d5fb20f9d871a62f04714a1a2d85561d9f09dd4e0c6733cf9062df80e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:16ddb250e456115e193392a08d322247ff0c8907e36abceab95b06d45b14b932_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6fe90266c58241180f8548354586b2647146568579687935acc8dd240611872d_amd64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:8118e813acde448251ee6a0e66d36e028f996f2e86f5ad6ba1a2699b04a94be0_amd64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:967d139924314bd44373058ff26ceda4193223936f2528712d3144aeb4785704_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:c20dd71f574381c20abd76ab30c43bf92af0560bedb51fd7c3a6585f047d30ff_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:e089e8dd44785e6b54296f26c2ea3740841d0b024fc38283c372e3237734f07e_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:077381bfe6d494aacedfe9ea21398ef4a6f0c3c9e77f7aac84070450bc361de7_ppc64le",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:9d4b4276b923b60782d03d04d65bd290e5f92f201e6c4d9baad08e9eb32561e1_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:a7e6a512ed9cde3ffb8c6214e3c8b697b175d9fe5aaa90ef17fe02cc3144c1a8_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:c01bcc09942867514495c777becea8a8eef83ec80eee838922406cb156977400_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:2289ca68a0a07e537defe02132f6c0efa98368f0fc6fa44fcb75793e788a4c62_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:bb1285348400b3284ac6fa3e98664dfa7303ccc369afe7930c238be3880a87c6_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:bb7dcd344560e3b4c4dad7cc64aa42a8d4388fc5b24cf48fca40543cecbd4dc0_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:f3ac64bb95781e0c4bb712accd6ce0949c6dbf653f177571a42f85841bc28ffb_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:0e167d232bdccdf71846b69631314df97660da3e3581a9a50d78a85925b47883_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:25e99a1b6236720d27af67885dc9977c5a57ed7223ee26e00f97a6c77697fd38_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:911b3a6a531023ec51a42aad73cb56c5710344568226eada7b7332f51bca4167_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:d740ec313b251b04c2fda54b810617d0d61c586598a72a1fff2c39b5ff2b2a23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:2da4527aa8d97669d602c7cf94373e16ee0dc2851e2303de49a919c3a85e1f41_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:50aae19f0750c0f35a905d81a758ff2c9dac6e410a3c6c0b76f9ef8ca112a64f_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:e59f049fac9cdbcdb695efc84d014fee9ed6d13c64ec2e8818fd619aa14dbe1d_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:f861fadfefcf3e81597a33e94285603ea45e1956eb558279cee9a128012d0f59_arm64"
],
"known_not_affected": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:c45854097cbbc184830cc41e57518afd1d93b909c5a6bf62d17cd922460f05a2_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:071423618c82b05abb31a7697b1b0f53cf1f6174a4adcc673fd7e080a2353c2e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:00995f237bb8d4ec4fbb7643225a6ba191894f98a269daffba942e5aa1226f73_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:0ef99a61c41e5ba3f013ee8c3cbe3c9455f9089140f0685af4e551fc411dc1d4_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a799a967668e9f45f31be3ee65f2ae6e61fe6dc0b583606f9c57b54c460bb1b6_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d6352ce2ac7178ca7730294f3dc6a2f6f6f85888e52c3621722c548dea09f9_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:1a4555f082a0d0cb9de7b2f6ceade4201917c68949b96cd34242f60ac6b0e452_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:5a654a50c82878518a0ff57cb63b0a7edb4c3019d25dd54bc99cc1c9b842722a_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:5f02319bf9745be1aacfee77cdefc47ff54e7567e89dba56c07b1e17e4447e8e_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f6395b5342fccec8414c71e49a7b8b3a0cdc6238abce4bcef97268f1fdf510ed_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c03b5d752fd169db97532eac64c10871b865fc351536f2b4c471165534c2bf59_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c5f20bed7139363cc8c12fb3d38341027d3660ca1d8d1b3a74b6a2eb0d753ba9_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:d9a3af8383fde0e7e08c8cd6a6679507d621900fc693bd5ed432234fb9184ef2_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:f90bbb41cab58931aab34890b507d5fa2c2ae08b6320d4b35bd367f5dabd8f50_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:5c97c94c0904b478fe8b13a5d8127c053859046105a0baf4807700c2234998d9_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:933a3bf79972f2e5c8ba21aac1584778528dc6d090c1269fb9eb7f98bc3748e1_arm64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:eb1994e66ed00564f8dfddcb7b6b3276ef4eaa798099c61b7eea6c803e329e35_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f6b065eded5ec8c80c22a49ca37453dca681f74f8851490a178d813c77f27d62_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:344d9cd561f7c62c6de21d2bac7662827edd530239e5607fa1eb6d1f8ceefdea_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:600e20533b2bb2f67277a19c1fc3a0732da6f01afd01e1b552535669ff88c262_s390x",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:7599a21ef8a5f6867cfc3f9a2a4126847b10060480469a6b91882b97905b0cad_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:d038bb1cb036a12405fd72590ad862a639189117d5876a82c866839907e35f73_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:099dcd31bd02a8608bf9aa62343f4bcb728c02c4ba3628e705258b1c2fabe580_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:90e25734d33a06ef98524c90109eec153ccc6b3ac8f7b7c34214280058bb4c76_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:ced75e473f009c273c7ba9a38bc4a6d6b92eb5e9f561ea1de7abb81ffa207a91_amd64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:ee32b20430cd06c9bcd9349e3f1e8282e9e9a616fb398604b3717f73e6aaab91_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:5746793b1fec9ffe6a077ba726018617e1b4e766f03b4ccef5dd3f505b3dda2f_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:64bea63dcaac7b40510055f4162b435a3f8088fa1a5fa47028cae7ee04cf4e37_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:92fb27a1aa2b1be0cc5549bc97242f7f05d090e8ba6308f49eb399b742eed3fc_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:d0ad7c6e936658598cef688422e3315e85c8627c49f8449ef48fe1b1602cfa29_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:63c6ea77362370dd1a60c8d654a96bcbf488f5681445a3fc3f9dbe95d2924a5c_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:82c7bf1ee3dc2be95909defbf53292155980d420baf513595739a9391b6c4e19_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:d6c72b1be0243d91713ad5066a74722172d408cd94256bd61f613c9f61cb9030_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:fee87f3de6d9bb44b0436f1fe6c706f7bf1ab7685d1ab00333939a8432492b31_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:0cd5fe2598a0ea587e07d006ee4e8367e146cbc5ac2409e62b51d0d2eabcd9e7_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:4c4b0f10ea3d7eff3f2f6ee81963be829be283ba82e164c553d14f81905156cb_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:592a51ddcf3546502cc21b82be6e3011c20c59ea3740431018b30907ee11e4ac_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:b6bc0ab4ab8f31f81d7c5340918e69cad182b0a5e0669ef45f74f8810b1209f4_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:2e1df5346272bcfa8b8d0280df69fa648a0d16516d0b2addb3a12ec14906f4d0_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:03f1cf4cb1eea8dd60eec55b92cefcd3fe9d2194eec1145d693daff66092dee5_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:098747d5fb20f9d871a62f04714a1a2d85561d9f09dd4e0c6733cf9062df80e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:16ddb250e456115e193392a08d322247ff0c8907e36abceab95b06d45b14b932_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6fe90266c58241180f8548354586b2647146568579687935acc8dd240611872d_amd64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:8118e813acde448251ee6a0e66d36e028f996f2e86f5ad6ba1a2699b04a94be0_amd64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:967d139924314bd44373058ff26ceda4193223936f2528712d3144aeb4785704_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:c20dd71f574381c20abd76ab30c43bf92af0560bedb51fd7c3a6585f047d30ff_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:e089e8dd44785e6b54296f26c2ea3740841d0b024fc38283c372e3237734f07e_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:077381bfe6d494aacedfe9ea21398ef4a6f0c3c9e77f7aac84070450bc361de7_ppc64le",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:9d4b4276b923b60782d03d04d65bd290e5f92f201e6c4d9baad08e9eb32561e1_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:a7e6a512ed9cde3ffb8c6214e3c8b697b175d9fe5aaa90ef17fe02cc3144c1a8_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:c01bcc09942867514495c777becea8a8eef83ec80eee838922406cb156977400_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:2289ca68a0a07e537defe02132f6c0efa98368f0fc6fa44fcb75793e788a4c62_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:bb1285348400b3284ac6fa3e98664dfa7303ccc369afe7930c238be3880a87c6_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:bb7dcd344560e3b4c4dad7cc64aa42a8d4388fc5b24cf48fca40543cecbd4dc0_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:f3ac64bb95781e0c4bb712accd6ce0949c6dbf653f177571a42f85841bc28ffb_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-08T14:06:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:0e167d232bdccdf71846b69631314df97660da3e3581a9a50d78a85925b47883_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:25e99a1b6236720d27af67885dc9977c5a57ed7223ee26e00f97a6c77697fd38_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:911b3a6a531023ec51a42aad73cb56c5710344568226eada7b7332f51bca4167_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:d740ec313b251b04c2fda54b810617d0d61c586598a72a1fff2c39b5ff2b2a23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:2da4527aa8d97669d602c7cf94373e16ee0dc2851e2303de49a919c3a85e1f41_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:50aae19f0750c0f35a905d81a758ff2c9dac6e410a3c6c0b76f9ef8ca112a64f_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:e59f049fac9cdbcdb695efc84d014fee9ed6d13c64ec2e8818fd619aa14dbe1d_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:f861fadfefcf3e81597a33e94285603ea45e1956eb558279cee9a128012d0f59_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0932"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOL-5.6:openshift-logging/cluster-logging-operator-bundle@sha256:c45854097cbbc184830cc41e57518afd1d93b909c5a6bf62d17cd922460f05a2_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:0e167d232bdccdf71846b69631314df97660da3e3581a9a50d78a85925b47883_s390x",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:25e99a1b6236720d27af67885dc9977c5a57ed7223ee26e00f97a6c77697fd38_arm64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:911b3a6a531023ec51a42aad73cb56c5710344568226eada7b7332f51bca4167_amd64",
"8Base-RHOL-5.6:openshift-logging/cluster-logging-rhel8-operator@sha256:d740ec313b251b04c2fda54b810617d0d61c586598a72a1fff2c39b5ff2b2a23_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-operator-bundle@sha256:071423618c82b05abb31a7697b1b0f53cf1f6174a4adcc673fd7e080a2353c2e_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:00995f237bb8d4ec4fbb7643225a6ba191894f98a269daffba942e5aa1226f73_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:0ef99a61c41e5ba3f013ee8c3cbe3c9455f9089140f0685af4e551fc411dc1d4_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:a799a967668e9f45f31be3ee65f2ae6e61fe6dc0b583606f9c57b54c460bb1b6_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-proxy-rhel8@sha256:e6d6352ce2ac7178ca7730294f3dc6a2f6f6f85888e52c3621722c548dea09f9_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:1a4555f082a0d0cb9de7b2f6ceade4201917c68949b96cd34242f60ac6b0e452_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:5a654a50c82878518a0ff57cb63b0a7edb4c3019d25dd54bc99cc1c9b842722a_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:5f02319bf9745be1aacfee77cdefc47ff54e7567e89dba56c07b1e17e4447e8e_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch-rhel8-operator@sha256:f6395b5342fccec8414c71e49a7b8b3a0cdc6238abce4bcef97268f1fdf510ed_s390x",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c03b5d752fd169db97532eac64c10871b865fc351536f2b4c471165534c2bf59_ppc64le",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:c5f20bed7139363cc8c12fb3d38341027d3660ca1d8d1b3a74b6a2eb0d753ba9_arm64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:d9a3af8383fde0e7e08c8cd6a6679507d621900fc693bd5ed432234fb9184ef2_amd64",
"8Base-RHOL-5.6:openshift-logging/elasticsearch6-rhel8@sha256:f90bbb41cab58931aab34890b507d5fa2c2ae08b6320d4b35bd367f5dabd8f50_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:2da4527aa8d97669d602c7cf94373e16ee0dc2851e2303de49a919c3a85e1f41_ppc64le",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:50aae19f0750c0f35a905d81a758ff2c9dac6e410a3c6c0b76f9ef8ca112a64f_s390x",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:e59f049fac9cdbcdb695efc84d014fee9ed6d13c64ec2e8818fd619aa14dbe1d_amd64",
"8Base-RHOL-5.6:openshift-logging/eventrouter-rhel8@sha256:f861fadfefcf3e81597a33e94285603ea45e1956eb558279cee9a128012d0f59_arm64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:5c97c94c0904b478fe8b13a5d8127c053859046105a0baf4807700c2234998d9_amd64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:933a3bf79972f2e5c8ba21aac1584778528dc6d090c1269fb9eb7f98bc3748e1_arm64",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:eb1994e66ed00564f8dfddcb7b6b3276ef4eaa798099c61b7eea6c803e329e35_s390x",
"8Base-RHOL-5.6:openshift-logging/fluentd-rhel8@sha256:f6b065eded5ec8c80c22a49ca37453dca681f74f8851490a178d813c77f27d62_ppc64le",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:344d9cd561f7c62c6de21d2bac7662827edd530239e5607fa1eb6d1f8ceefdea_amd64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:600e20533b2bb2f67277a19c1fc3a0732da6f01afd01e1b552535669ff88c262_s390x",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:7599a21ef8a5f6867cfc3f9a2a4126847b10060480469a6b91882b97905b0cad_arm64",
"8Base-RHOL-5.6:openshift-logging/kibana6-rhel8@sha256:d038bb1cb036a12405fd72590ad862a639189117d5876a82c866839907e35f73_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:099dcd31bd02a8608bf9aa62343f4bcb728c02c4ba3628e705258b1c2fabe580_arm64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:90e25734d33a06ef98524c90109eec153ccc6b3ac8f7b7c34214280058bb4c76_ppc64le",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:ced75e473f009c273c7ba9a38bc4a6d6b92eb5e9f561ea1de7abb81ffa207a91_amd64",
"8Base-RHOL-5.6:openshift-logging/log-file-metric-exporter-rhel8@sha256:ee32b20430cd06c9bcd9349e3f1e8282e9e9a616fb398604b3717f73e6aaab91_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:5746793b1fec9ffe6a077ba726018617e1b4e766f03b4ccef5dd3f505b3dda2f_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:64bea63dcaac7b40510055f4162b435a3f8088fa1a5fa47028cae7ee04cf4e37_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:92fb27a1aa2b1be0cc5549bc97242f7f05d090e8ba6308f49eb399b742eed3fc_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-curator5-rhel8@sha256:d0ad7c6e936658598cef688422e3315e85c8627c49f8449ef48fe1b1602cfa29_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:63c6ea77362370dd1a60c8d654a96bcbf488f5681445a3fc3f9dbe95d2924a5c_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:82c7bf1ee3dc2be95909defbf53292155980d420baf513595739a9391b6c4e19_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:d6c72b1be0243d91713ad5066a74722172d408cd94256bd61f613c9f61cb9030_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-loki-rhel8@sha256:fee87f3de6d9bb44b0436f1fe6c706f7bf1ab7685d1ab00333939a8432492b31_arm64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:0cd5fe2598a0ea587e07d006ee4e8367e146cbc5ac2409e62b51d0d2eabcd9e7_ppc64le",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:4c4b0f10ea3d7eff3f2f6ee81963be829be283ba82e164c553d14f81905156cb_s390x",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:592a51ddcf3546502cc21b82be6e3011c20c59ea3740431018b30907ee11e4ac_amd64",
"8Base-RHOL-5.6:openshift-logging/logging-view-plugin-rhel8@sha256:b6bc0ab4ab8f31f81d7c5340918e69cad182b0a5e0669ef45f74f8810b1209f4_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-operator-bundle@sha256:2e1df5346272bcfa8b8d0280df69fa648a0d16516d0b2addb3a12ec14906f4d0_amd64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:03f1cf4cb1eea8dd60eec55b92cefcd3fe9d2194eec1145d693daff66092dee5_s390x",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:098747d5fb20f9d871a62f04714a1a2d85561d9f09dd4e0c6733cf9062df80e1_ppc64le",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:16ddb250e456115e193392a08d322247ff0c8907e36abceab95b06d45b14b932_arm64",
"8Base-RHOL-5.6:openshift-logging/loki-rhel8-operator@sha256:6fe90266c58241180f8548354586b2647146568579687935acc8dd240611872d_amd64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:8118e813acde448251ee6a0e66d36e028f996f2e86f5ad6ba1a2699b04a94be0_amd64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:967d139924314bd44373058ff26ceda4193223936f2528712d3144aeb4785704_arm64",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:c20dd71f574381c20abd76ab30c43bf92af0560bedb51fd7c3a6585f047d30ff_ppc64le",
"8Base-RHOL-5.6:openshift-logging/lokistack-gateway-rhel8@sha256:e089e8dd44785e6b54296f26c2ea3740841d0b024fc38283c372e3237734f07e_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:077381bfe6d494aacedfe9ea21398ef4a6f0c3c9e77f7aac84070450bc361de7_ppc64le",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:9d4b4276b923b60782d03d04d65bd290e5f92f201e6c4d9baad08e9eb32561e1_s390x",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:a7e6a512ed9cde3ffb8c6214e3c8b697b175d9fe5aaa90ef17fe02cc3144c1a8_arm64",
"8Base-RHOL-5.6:openshift-logging/opa-openshift-rhel8@sha256:c01bcc09942867514495c777becea8a8eef83ec80eee838922406cb156977400_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:2289ca68a0a07e537defe02132f6c0efa98368f0fc6fa44fcb75793e788a4c62_arm64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:bb1285348400b3284ac6fa3e98664dfa7303ccc369afe7930c238be3880a87c6_s390x",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:bb7dcd344560e3b4c4dad7cc64aa42a8d4388fc5b24cf48fca40543cecbd4dc0_amd64",
"8Base-RHOL-5.6:openshift-logging/vector-rhel8@sha256:f3ac64bb95781e0c4bb712accd6ce0949c6dbf653f177571a42f85841bc28ffb_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
}
]
}
RHSA-2023:0934
Vulnerability from csaf_redhat - Published: 2023-02-28 00:50 - Updated: 2026-05-27 20:16Summary
Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update
Severity
Important
Notes
Topic: Migration Toolkit for Applications 6.0.1 release
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details: Migration Toolkit for Applications 6.0.1 Images
Security Fix(es) from Bugzilla:
* loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601)
* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)
* gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567)
* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
* loader-utils:Regular expression denial of service (CVE-2022-37603)
* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64 | — |
Threats
Impact
Moderate
A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64 | — |
Vendor Fix
fix
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64 | — |
Vendor Fix
fix
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64 | — |
Threats
Impact
Moderate
A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64 | — |
Vendor Fix
fix
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64 | — |
Threats
Impact
Moderate
A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64 | — |
Vendor Fix
fix
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64 | — |
Threats
Impact
Moderate
An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.
8.1 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64 | — |
Vendor Fix
fix
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64 | — |
Threats
Impact
Important
A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64 | — |
Vendor Fix
fix
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64 | — | ||
| Unresolved product id: 8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64 | — |
Threats
Impact
Moderate
References
80 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Migration Toolkit for Applications 6.0.1 release\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Migration Toolkit for Applications 6.0.1 Images\n\nSecurity Fix(es) from Bugzilla:\n\n* loader-utils: prototype pollution in function parseQuery in parseQuery.js (CVE-2022-37601)\n\n* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing (CVE-2022-42920)\n\n* gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567)\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* loader-utils:Regular expression denial of service (CVE-2022-37603)\n\n* golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)\n\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:0934",
"url": "https://access.redhat.com/errata/RHSA-2023:0934"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2134876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134876"
},
{
"category": "external",
"summary": "2140597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
},
{
"category": "external",
"summary": "2142707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
},
{
"category": "external",
"summary": "2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "2156263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
},
{
"category": "external",
"summary": "2156324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
},
{
"category": "external",
"summary": "2156683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156683"
},
{
"category": "external",
"summary": "2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "MTA-103",
"url": "https://issues.redhat.com/browse/MTA-103"
},
{
"category": "external",
"summary": "MTA-106",
"url": "https://issues.redhat.com/browse/MTA-106"
},
{
"category": "external",
"summary": "MTA-122",
"url": "https://issues.redhat.com/browse/MTA-122"
},
{
"category": "external",
"summary": "MTA-123",
"url": "https://issues.redhat.com/browse/MTA-123"
},
{
"category": "external",
"summary": "MTA-127",
"url": "https://issues.redhat.com/browse/MTA-127"
},
{
"category": "external",
"summary": "MTA-131",
"url": "https://issues.redhat.com/browse/MTA-131"
},
{
"category": "external",
"summary": "MTA-36",
"url": "https://issues.redhat.com/browse/MTA-36"
},
{
"category": "external",
"summary": "MTA-44",
"url": "https://issues.redhat.com/browse/MTA-44"
},
{
"category": "external",
"summary": "MTA-49",
"url": "https://issues.redhat.com/browse/MTA-49"
},
{
"category": "external",
"summary": "MTA-59",
"url": "https://issues.redhat.com/browse/MTA-59"
},
{
"category": "external",
"summary": "MTA-65",
"url": "https://issues.redhat.com/browse/MTA-65"
},
{
"category": "external",
"summary": "MTA-72",
"url": "https://issues.redhat.com/browse/MTA-72"
},
{
"category": "external",
"summary": "MTA-73",
"url": "https://issues.redhat.com/browse/MTA-73"
},
{
"category": "external",
"summary": "MTA-74",
"url": "https://issues.redhat.com/browse/MTA-74"
},
{
"category": "external",
"summary": "MTA-76",
"url": "https://issues.redhat.com/browse/MTA-76"
},
{
"category": "external",
"summary": "MTA-77",
"url": "https://issues.redhat.com/browse/MTA-77"
},
{
"category": "external",
"summary": "MTA-80",
"url": "https://issues.redhat.com/browse/MTA-80"
},
{
"category": "external",
"summary": "MTA-82",
"url": "https://issues.redhat.com/browse/MTA-82"
},
{
"category": "external",
"summary": "MTA-85",
"url": "https://issues.redhat.com/browse/MTA-85"
},
{
"category": "external",
"summary": "MTA-88",
"url": "https://issues.redhat.com/browse/MTA-88"
},
{
"category": "external",
"summary": "MTA-92",
"url": "https://issues.redhat.com/browse/MTA-92"
},
{
"category": "external",
"summary": "MTA-96",
"url": "https://issues.redhat.com/browse/MTA-96"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_0934.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update",
"tracking": {
"current_release_date": "2026-05-27T20:16:53+00:00",
"generator": {
"date": "2026-05-27T20:16:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:0934",
"initial_release_date": "2023-02-28T00:50:28+00:00",
"revision_history": [
{
"date": "2023-02-28T00:50:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-02-28T23:46:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-27T20:16:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "MTA 6.0 for RHEL 8",
"product": {
"name": "MTA 6.0 for RHEL 8",
"product_id": "8Base-MTA-6.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:migration_toolkit_applications:6.0::el8"
}
}
}
],
"category": "product_family",
"name": "Migration Toolkit for Applications"
},
{
"branches": [
{
"category": "product_version",
"name": "mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"product": {
"name": "mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"product_id": "mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-admin-addon-rhel8\u0026tag=6.0.1-8"
}
}
},
{
"category": "product_version",
"name": "mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"product": {
"name": "mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"product_id": "mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-hub-rhel8\u0026tag=6.0.1-8"
}
}
},
{
"category": "product_version",
"name": "mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"product": {
"name": "mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"product_id": "mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-pathfinder-rhel8\u0026tag=6.0.1-6"
}
}
},
{
"category": "product_version",
"name": "mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
"product": {
"name": "mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
"product_id": "mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-ui-rhel8\u0026tag=6.0.1-10"
}
}
},
{
"category": "product_version",
"name": "mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64",
"product": {
"name": "mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64",
"product_id": "mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108?arch=amd64\u0026repository_url=registry.redhat.io/mta/mta-windup-addon-rhel8\u0026tag=6.0.1-9"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64 as a component of MTA 6.0 for RHEL 8",
"product_id": "8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64"
},
"product_reference": "mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"relates_to_product_reference": "8Base-MTA-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64 as a component of MTA 6.0 for RHEL 8",
"product_id": "8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64"
},
"product_reference": "mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"relates_to_product_reference": "8Base-MTA-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64 as a component of MTA 6.0 for RHEL 8",
"product_id": "8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64"
},
"product_reference": "mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"relates_to_product_reference": "8Base-MTA-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64 as a component of MTA 6.0 for RHEL 8",
"product_id": "8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
},
"product_reference": "mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
"relates_to_product_reference": "8Base-MTA-6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64 as a component of MTA 6.0 for RHEL 8",
"product_id": "8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
},
"product_reference": "mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64",
"relates_to_product_reference": "8Base-MTA-6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36567",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2022-12-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2156683"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gin: Unsanitized input in the default logger in github.com/gin-gonic/gin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
],
"known_not_affected": [
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36567"
},
{
"category": "external",
"summary": "RHBZ#2156683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156683"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36567",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36567"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36567",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36567"
},
{
"category": "external",
"summary": "https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d",
"url": "https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d"
},
{
"category": "external",
"summary": "https://github.com/gin-gonic/gin/pull/2237",
"url": "https://github.com/gin-gonic/gin/pull/2237"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2020-0001",
"url": "https://pkg.go.dev/vuln/GO-2020-0001"
}
],
"release_date": "2022-12-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-28T00:50:28+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gin: Unsanitized input in the default logger in github.com/gin-gonic/gin"
},
{
"cve": "CVE-2021-35065",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-12-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2156324"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob-parent: Regular Expression Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
],
"known_not_affected": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-35065"
},
{
"category": "external",
"summary": "RHBZ#2156324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294",
"url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
}
],
"release_date": "2022-12-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-28T00:50:28+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glob-parent: Regular Expression Denial of Service"
},
{
"cve": "CVE-2022-24999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-12-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150323"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: \"qs\" prototype poisoning causes the hang of the node process",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
],
"known_not_affected": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24999"
},
{
"category": "external",
"summary": "RHBZ#2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/releases/tag/4.17.3",
"url": "https://github.com/expressjs/express/releases/tag/4.17.3"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/pull/428",
"url": "https://github.com/ljharb/qs/pull/428"
},
{
"category": "external",
"summary": "https://github.com/n8tz/CVE-2022-24999",
"url": "https://github.com/n8tz/CVE-2022-24999"
}
],
"release_date": "2022-11-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-28T00:50:28+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: \"qs\" prototype poisoning causes the hang of the node process"
},
{
"cve": "CVE-2022-37601",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-10-14T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134876"
}
],
"notes": [
{
"category": "description",
"text": "A prototype pollution vulnerability was found in the parseQuery function in parseQuery.js in the webpack loader-utils via the name variable in parseQuery.js. This flaw can lead to a denial of service or remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "loader-utils: prototype pollution in function parseQuery in parseQuery.js",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Packages shipped in Red Hat Enterprise Linux use \u0027loader-utils\u0027 as a transitive dependency. Thus, reducing the impact to Moderate.\n\nIn Red Hat containerized products like OCP and ODF, the vulnerable loader-utils NodeJS module is bundled as a transitive dependency, hence the direct impact is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
],
"known_not_affected": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37601"
},
{
"category": "external",
"summary": "RHBZ#2134876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134876"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37601"
},
{
"category": "external",
"summary": "https://github.com/webpack/loader-utils/issues/212",
"url": "https://github.com/webpack/loader-utils/issues/212"
}
],
"release_date": "2022-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-28T00:50:28+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "loader-utils: prototype pollution in function parseQuery in parseQuery.js"
},
{
"cve": "CVE-2022-37603",
"cwe": {
"id": "CWE-185",
"name": "Incorrect Regular Expression"
},
"discovery_date": "2022-11-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2140597"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "loader-utils: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
],
"known_not_affected": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37603"
},
{
"category": "external",
"summary": "RHBZ#2140597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603"
}
],
"release_date": "2022-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-28T00:50:28+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "loader-utils: Regular expression denial of service"
},
{
"cve": "CVE-2022-41717",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-01-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2161274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Within Red Hat OpenShift Container Platform, the grafana container is listed as will not fix. Since OCP 4.10, Grafana itself is not shipped and the Grafana web server is protected behind an OAuth proxy server.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
],
"known_not_affected": [
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "RHBZ#2161274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41717"
},
{
"category": "external",
"summary": "https://go.dev/cl/455635",
"url": "https://go.dev/cl/455635"
},
{
"category": "external",
"summary": "https://go.dev/cl/455717",
"url": "https://go.dev/cl/455717"
},
{
"category": "external",
"summary": "https://go.dev/issue/56350",
"url": "https://go.dev/issue/56350"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ",
"url": "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2022-1144",
"url": "https://pkg.go.dev/vuln/GO-2022-1144"
}
],
"release_date": "2022-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-28T00:50:28+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests"
},
{
"cve": "CVE-2022-42920",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2022-11-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2142707"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds (OOB) write flaw was found in Apache Commons BCEL API. This flaw can be used to produce arbitrary bytecode and may abuse applications that pass attacker-controlled data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Fuse 7 ships the code in question but does not utilize it in the product, so it is affected at a reduced impact of Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
],
"known_not_affected": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-42920"
},
{
"category": "external",
"summary": "RHBZ#2142707",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142707"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42920"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4",
"url": "https://lists.apache.org/thread/lfxk7q8qmnh5bt9jm6nmjlv5hsxjhrz4"
}
],
"release_date": "2022-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-28T00:50:28+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing"
},
{
"cve": "CVE-2022-46175",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-12-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2156263"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json5: Prototype Pollution in JSON5 via Parse Method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
],
"known_not_affected": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46175"
},
{
"category": "external",
"summary": "RHBZ#2156263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175"
},
{
"category": "external",
"summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h",
"url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h"
}
],
"release_date": "2022-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-02-28T00:50:28+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-MTA-6.0:mta/mta-admin-addon-rhel8@sha256:9445191232ad1ff1c2926b5a2194130502696a74620cda941675edc9c366b305_amd64",
"8Base-MTA-6.0:mta/mta-hub-rhel8@sha256:ebc8706761a518bd08447a6e51a35f81e5beb3840f3b6b66f656c23c36c07e76_amd64",
"8Base-MTA-6.0:mta/mta-pathfinder-rhel8@sha256:b50244562f83977574d1bd88adc1d259501c90f883596b15fa81e557844e2956_amd64",
"8Base-MTA-6.0:mta/mta-ui-rhel8@sha256:e00e79bc7fb1bc104b1d3e0ebc6b49c7d3c7885925e3c432d60b43f10aaec1c4_amd64",
"8Base-MTA-6.0:mta/mta-windup-addon-rhel8@sha256:9a912e054a7c46e07bdbfeb165f0e71ff3686bcdba9cd53d0ed6be8ff0607108_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "json5: Prototype Pollution in JSON5 via Parse Method"
}
]
}
RHSA-2023:1428
Vulnerability from csaf_redhat - Published: 2023-03-23 02:16 - Updated: 2026-05-27 20:17Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.8 security and bug fix update
Severity
Important
Notes
Topic: The Migration Toolkit for Containers (MTC) 1.7.8 is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es):
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567)
* express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* ua-parser-js: ReDoS vulnerability via the trim() function (CVE-2022-25927)
* loader-utils: Regular expression denial of service (CVE-2022-37603)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
* jszip: directory traversal via a crafted ZIP archive (CVE-2022-48285)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* The velero image cannot be overridden in the operator (BZ#2143389)
* Adding a MigCluster from UI fails when the domain name has characters more than 6 (BZ#2152149)
* UI fails to render the 'migrations' page: "Cannot read properties of undefined (reading 'name')" (BZ#2163485)
* Creating DPA resource fails on OCP 4.6 clusters (BZ#2173742)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 | — |
Threats
Impact
Moderate
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 | — |
Threats
Impact
Moderate
A flaw was found in ua-parser-js. This issue could allow a malicious user to trigger a regular expression denial of service (ReDoS) via the trim() function.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 | — |
Threats
Impact
Moderate
A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 | — |
Threats
Impact
Moderate
A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 | — |
Threats
Impact
Important
A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the JSZip package. Affected versions of JSZip could allow a remote attacker to traverse directories on the system caused by the failure to sanitize filenames when files are loaded with `loadAsync`, which makes the library vulnerable to a Zip Slip attack. By extracting files from a specially crafted archive, an attacker could gain access to parts of the file system outside of the target folder, overwrite the executable files, and execute arbitrary commands on the system.
7.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 | — |
Threats
Impact
Moderate
References
63 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.7.8 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* ua-parser-js: ReDoS vulnerability via the trim() function (CVE-2022-25927)\n\n* loader-utils: Regular expression denial of service (CVE-2022-37603)\n\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\n* jszip: directory traversal via a crafted ZIP archive (CVE-2022-48285)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* The velero image cannot be overridden in the operator (BZ#2143389)\n\n* Adding a MigCluster from UI fails when the domain name has characters more than 6 (BZ#2152149)\n\n* UI fails to render the \u0027migrations\u0027 page: \"Cannot read properties of undefined (reading \u0027name\u0027)\" (BZ#2163485)\n\n* Creating DPA resource fails on OCP 4.6 clusters (BZ#2173742)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1428",
"url": "https://access.redhat.com/errata/RHSA-2023:1428"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2140597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
},
{
"category": "external",
"summary": "2143389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143389"
},
{
"category": "external",
"summary": "2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "2152149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152149"
},
{
"category": "external",
"summary": "2156263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
},
{
"category": "external",
"summary": "2156683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156683"
},
{
"category": "external",
"summary": "2163485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163485"
},
{
"category": "external",
"summary": "2165020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165020"
},
{
"category": "external",
"summary": "2165797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165797"
},
{
"category": "external",
"summary": "2165824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
},
{
"category": "external",
"summary": "2170644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
},
{
"category": "external",
"summary": "2173742",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173742"
},
{
"category": "external",
"summary": "MIG-1298",
"url": "https://issues.redhat.com/browse/MIG-1298"
},
{
"category": "external",
"summary": "MIG-1315",
"url": "https://issues.redhat.com/browse/MIG-1315"
},
{
"category": "external",
"summary": "MIG-1318",
"url": "https://issues.redhat.com/browse/MIG-1318"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1428.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.8 security and bug fix update",
"tracking": {
"current_release_date": "2026-05-27T20:17:20+00:00",
"generator": {
"date": "2026-05-27T20:17:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:1428",
"initial_release_date": "2023-03-23T02:16:09+00:00",
"revision_history": [
{
"date": "2023-03-23T02:16:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-23T02:16:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-27T20:17:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.7",
"product": {
"name": "8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.7.8-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"product": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.7.8-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"product": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.7.8-10"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.7.8-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.7.8-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"product": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.7.8-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"product": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.7.8-10"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.7.8-10"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.7.8-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.7.8-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.7.8-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.7.8-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.7.8-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.7.8-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.7.8-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.7.8-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.7.8-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64"
},
"product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64"
},
"product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64"
},
"product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64"
},
"product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36567",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2022-12-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2156683"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gin: Unsanitized input in the default logger in github.com/gin-gonic/gin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36567"
},
{
"category": "external",
"summary": "RHBZ#2156683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156683"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36567",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36567"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36567",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36567"
},
{
"category": "external",
"summary": "https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d",
"url": "https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d"
},
{
"category": "external",
"summary": "https://github.com/gin-gonic/gin/pull/2237",
"url": "https://github.com/gin-gonic/gin/pull/2237"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2020-0001",
"url": "https://pkg.go.dev/vuln/GO-2020-0001"
}
],
"release_date": "2022-12-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T02:16:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gin: Unsanitized input in the default logger in github.com/gin-gonic/gin"
},
{
"cve": "CVE-2022-24999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-12-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150323"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: \"qs\" prototype poisoning causes the hang of the node process",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24999"
},
{
"category": "external",
"summary": "RHBZ#2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/releases/tag/4.17.3",
"url": "https://github.com/expressjs/express/releases/tag/4.17.3"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/pull/428",
"url": "https://github.com/ljharb/qs/pull/428"
},
{
"category": "external",
"summary": "https://github.com/n8tz/CVE-2022-24999",
"url": "https://github.com/n8tz/CVE-2022-24999"
}
],
"release_date": "2022-11-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T02:16:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: \"qs\" prototype poisoning causes the hang of the node process"
},
{
"cve": "CVE-2022-25881",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2023-01-31T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2165824"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact of a succesfull exploiation of this vulnerability will only lead to a denial of service of the system,furthermore the exploitation will require an attacker to specifically craft a regular expression patterns in request headers (i.e. nontrivial input) that trigger pathological regex behavior but since most systems will have limits on header sizes or input validation that reduce the risk of triggering the extreme pathological regex cases which is why this has been marked as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25881"
},
{
"category": "external",
"summary": "RHBZ#2165824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T02:16:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability"
},
{
"cve": "CVE-2022-25927",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2023-01-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2165020"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ua-parser-js. This issue could allow a malicious user to trigger a regular expression denial of service (ReDoS) via the trim() function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ua-parser-js: ReDoS vulnerability via the trim() function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25927"
},
{
"category": "external",
"summary": "RHBZ#2165020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165020"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25927"
}
],
"release_date": "2023-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T02:16:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ua-parser-js: ReDoS vulnerability via the trim() function"
},
{
"cve": "CVE-2022-37603",
"cwe": {
"id": "CWE-185",
"name": "Incorrect Regular Expression"
},
"discovery_date": "2022-11-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2140597"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "loader-utils: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37603"
},
{
"category": "external",
"summary": "RHBZ#2140597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603"
}
],
"release_date": "2022-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T02:16:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "loader-utils: Regular expression denial of service"
},
{
"cve": "CVE-2022-38900",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170644"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "decode-uri-component: improper input validation resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38900"
},
{
"category": "external",
"summary": "RHBZ#2170644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900"
},
{
"category": "external",
"summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5",
"url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
"url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq"
}
],
"release_date": "2022-11-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T02:16:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "decode-uri-component: improper input validation resulting in DoS"
},
{
"cve": "CVE-2022-46175",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-12-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2156263"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json5: Prototype Pollution in JSON5 via Parse Method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46175"
},
{
"category": "external",
"summary": "RHBZ#2156263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175"
},
{
"category": "external",
"summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h",
"url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h"
}
],
"release_date": "2022-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T02:16:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "json5: Prototype Pollution in JSON5 via Parse Method"
},
{
"cve": "CVE-2022-48285",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2023-01-31T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2165797"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JSZip package. Affected versions of JSZip could allow a remote attacker to traverse directories on the system caused by the failure to sanitize filenames when files are loaded with `loadAsync`, which makes the library vulnerable to a Zip Slip attack. By extracting files from a specially crafted archive, an attacker could gain access to parts of the file system outside of the target folder, overwrite the executable files, and execute arbitrary commands on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jszip: directory traversal via a crafted ZIP archive",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-48285"
},
{
"category": "external",
"summary": "RHBZ#2165797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165797"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-48285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48285"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-48285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48285"
},
{
"category": "external",
"summary": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244499",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244499"
},
{
"category": "external",
"summary": "https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15",
"url": "https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15"
},
{
"category": "external",
"summary": "https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0",
"url": "https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0"
},
{
"category": "external",
"summary": "https://www.mend.io/vulnerability-database/WS-2023-0004",
"url": "https://www.mend.io/vulnerability-database/WS-2023-0004"
}
],
"release_date": "2023-01-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T02:16:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jszip: directory traversal via a crafted ZIP archive"
}
]
}
RHSA-2023:1533
Vulnerability from csaf_redhat - Published: 2023-03-30 13:06 - Updated: 2026-05-01 00:54Summary
Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update
Severity
Important
Notes
Topic: An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (14.21.3).
Security Fix(es):
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* minimist: prototype pollution (CVE-2021-44906)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
* express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)
* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)
* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.
CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
8.6 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CLRF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
6.5 (Medium)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.
4.2 (Medium)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
70 references
Acknowledgments
VVX7
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (14.21.3).\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* minimist: prototype pollution (CVE-2021-44906)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n\n* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)\n\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1533",
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "2130518",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518"
},
{
"category": "external",
"summary": "2134609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609"
},
{
"category": "external",
"summary": "2140911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911"
},
{
"category": "external",
"summary": "2142823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142823"
},
{
"category": "external",
"summary": "2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "2156324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
},
{
"category": "external",
"summary": "2165824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
},
{
"category": "external",
"summary": "2168631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
},
{
"category": "external",
"summary": "2170644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
},
{
"category": "external",
"summary": "2171935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
},
{
"category": "external",
"summary": "2172217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
},
{
"category": "external",
"summary": "2175828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175828"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1533.json"
}
],
"title": "Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-05-01T00:54:46+00:00",
"generator": {
"date": "2026-05-01T00:54:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2023:1533",
"initial_release_date": "2023-03-30T13:06:07+00:00",
"revision_history": [
{
"date": "2023-03-30T13:06:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-30T13:06:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-01T00:54:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"product": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src (nodejs:14)",
"product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=src\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"product": {
"name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src (nodejs:14)",
"product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=src\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"product": {
"name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src (nodejs:14)",
"product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=src\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"product": {
"name": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch (nodejs:14)",
"product_id": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"product": {
"name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch (nodejs:14)",
"product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=noarch\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"product": {
"name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch (nodejs:14)",
"product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=noarch\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14)",
"product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14)",
"product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14)",
"product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14)",
"product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14)",
"product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14)",
"product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14)",
"product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14)",
"product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14)",
"product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14)",
"product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14)",
"product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14)",
"product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14)",
"product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14)",
"product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14)",
"product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14)",
"product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14)",
"product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14)",
"product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14)",
"product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14)",
"product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14)",
"product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14)",
"product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14)",
"product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14)",
"product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14"
},
"product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14"
},
"product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14"
},
"product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14"
},
"product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
},
"product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14"
},
"product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14"
},
"product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14"
},
"product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
},
"product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14"
},
"product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14"
},
"product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14"
},
"product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
},
"product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14"
},
"product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14"
},
"product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14"
},
"product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
},
"product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14"
},
"product_reference": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14"
},
"product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14"
},
"product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14"
},
"product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
},
"product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14"
},
"product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14"
},
"product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14"
},
"product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14"
},
"product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14"
},
"product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14"
},
"product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14"
},
"product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
},
"product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-35065",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-12-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2156324"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob-parent: Regular Expression Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-35065"
},
{
"category": "external",
"summary": "RHBZ#2156324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294",
"url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
}
],
"release_date": "2022-12-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glob-parent: Regular Expression Denial of Service"
},
{
"cve": "CVE-2021-44906",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2066009"
}
],
"notes": [
{
"category": "description",
"text": "An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimist: prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "As minimist is an argument parsing module for nodejs, exploitation of this vulnerability requires an attacker to influence which arguments are passed to nodejs when running a script. Red Hat products and services are designed in such a way that gaining this ability is not trivial. Additionally, the impact is limited by only enabling the pollution of functions, and not all generic objects.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44906"
},
{
"category": "external",
"summary": "RHBZ#2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h"
}
],
"release_date": "2022-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimist: prototype pollution"
},
{
"cve": "CVE-2022-3517",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2022-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134609"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-minimatch: ReDoS via the braceExpand function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3517"
},
{
"category": "external",
"summary": "RHBZ#2134609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517"
}
],
"release_date": "2022-02-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-minimatch: ReDoS via the braceExpand function"
},
{
"cve": "CVE-2022-4904",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2023-02-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2168631"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "c-ares: buffer overflow in config_sortlist() due to missing string length check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability is not important but moderate because exploiting the vulnerability can lead to a disruption of the availability of an application, yet doesn\u2019t compromise data integrity or confidentiality. The opportunity for disruption is further limited due to the requirement that an application allows an attacker to be able to input both untrusted and unvalidated data. Exploiting this flaw requires an application to use the library in such a way that would allow untrusted and unvalidated input to be passed directly to ares_set_sortlist by an attacker. In the event that this is able to occur, the impact to RHEL is limited to a crash of the application due to the protections offered by default in RHEL systems such as Stack Smashing Protection (SSP).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4904"
},
{
"category": "external",
"summary": "RHBZ#2168631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904"
},
{
"category": "external",
"summary": "https://github.com/c-ares/c-ares/issues/496",
"url": "https://github.com/c-ares/c-ares/issues/496"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "c-ares: buffer overflow in config_sortlist() due to missing string length check"
},
{
"cve": "CVE-2022-24999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-12-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150323"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: \"qs\" prototype poisoning causes the hang of the node process",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24999"
},
{
"category": "external",
"summary": "RHBZ#2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/releases/tag/4.17.3",
"url": "https://github.com/expressjs/express/releases/tag/4.17.3"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/pull/428",
"url": "https://github.com/ljharb/qs/pull/428"
},
{
"category": "external",
"summary": "https://github.com/n8tz/CVE-2022-24999",
"url": "https://github.com/n8tz/CVE-2022-24999"
}
],
"release_date": "2022-11-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: \"qs\" prototype poisoning causes the hang of the node process"
},
{
"cve": "CVE-2022-25881",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2023-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2165824"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact of a succesfull exploiation of this vulnerability will only lead to a denial of service of the system,furthermore the exploitation will require an attacker to specifically craft a regular expression patterns in request headers (i.e. nontrivial input) that trigger pathological regex behavior but since most systems will have limits on header sizes or input validation that reduce the risk of triggering the extreme pathological regex cases which is why this has been marked as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25881"
},
{
"category": "external",
"summary": "RHBZ#2165824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability"
},
{
"acknowledgments": [
{
"names": [
"VVX7"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-35256",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-09-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2130518"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CLRF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-35256"
},
{
"category": "external",
"summary": "RHBZ#2130518",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-35256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256",
"url": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256"
}
],
"release_date": "2022-09-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields"
},
{
"cve": "CVE-2022-38900",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170644"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "decode-uri-component: improper input validation resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38900"
},
{
"category": "external",
"summary": "RHBZ#2170644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900"
},
{
"category": "external",
"summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5",
"url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
"url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq"
}
],
"release_date": "2022-11-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "decode-uri-component: improper input validation resulting in DoS"
},
{
"cve": "CVE-2022-43548",
"cwe": {
"id": "CWE-350",
"name": "Reliance on Reverse DNS Resolution for a Security-Critical Action"
},
"discovery_date": "2022-11-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2140911"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: DNS rebinding in inspect via invalid octal IP address",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Redhat has marked this vulnerability as moderate for two primary reasons.\n1. The vulnerable inspect functionality might not be enabled, exposed, or reachable in many deployments.\n\n2.The code path might require very specific configurations or conditions (e.g. DNS rebinding, certain host/IP setups) that are rare in default environments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-43548"
},
{
"category": "external",
"summary": "RHBZ#2140911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548",
"url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548"
}
],
"release_date": "2022-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: DNS rebinding in inspect via invalid octal IP address"
},
{
"cve": "CVE-2023-23918",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2171935"
}
],
"notes": [
{
"category": "description",
"text": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Permissions policies can be bypassed via process.mainModule",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in question can only be triggered by an attacker if the victim has enabled --experimental-policy which in many node.js deployments won\u0027t ,which marks the conditions for exploitability outside of the attacker\u0027s control.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-23918"
},
{
"category": "external",
"summary": "RHBZ#2171935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
}
],
"release_date": "2023-02-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
},
{
"category": "workaround",
"details": "Turn off the --experimental-policy in your Node.js deployment.",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Permissions policies can be bypassed via process.mainModule"
},
{
"cve": "CVE-2023-23920",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172217"
}
],
"notes": [
{
"category": "description",
"text": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: insecure loading of ICU data through ICU_DATA environment variable",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-23920"
},
{
"category": "external",
"summary": "RHBZ#2172217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
}
],
"release_date": "2023-02-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Node.js: insecure loading of ICU data through ICU_DATA environment variable"
}
]
}
RHSA-2023:1742
Vulnerability from csaf_redhat - Published: 2023-04-12 15:04 - Updated: 2026-05-14 22:33Summary
Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update
Severity
Important
Notes
Topic: An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (14.21.3).
Security Fix(es):
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)
* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)
* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)
* minimist: prototype pollution (CVE-2021-44906)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
* express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)
* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)
* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)
* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in node.js where it accepted a certificate's Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host.
7.4 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that node.js did not safely read the x509 certificate generalName format properly, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting an attacker to impersonate a trusted host.
7.4 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries.
7.4 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.
CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as "Authorization," "WWW-Authenticate," and "Cookie" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.
6.1 (Medium)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
8.6 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to.
8.2 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CLRF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
6.5 (Medium)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.
4.2 (Medium)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
97 references
Acknowledgments
VVX7
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (14.21.3).\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)\n\n* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)\n\n* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)\n\n* minimist: prototype pollution (CVE-2021-44906)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n\n* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)\n\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n\n* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)\n\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1742",
"url": "https://access.redhat.com/errata/RHSA-2023:1742"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2040839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839"
},
{
"category": "external",
"summary": "2040846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846"
},
{
"category": "external",
"summary": "2040856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856"
},
{
"category": "external",
"summary": "2040862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862"
},
{
"category": "external",
"summary": "2044591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
},
{
"category": "external",
"summary": "2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "2130518",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518"
},
{
"category": "external",
"summary": "2134609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609"
},
{
"category": "external",
"summary": "2140911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911"
},
{
"category": "external",
"summary": "2142822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142822"
},
{
"category": "external",
"summary": "2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "2156324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
},
{
"category": "external",
"summary": "2165824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
},
{
"category": "external",
"summary": "2168631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
},
{
"category": "external",
"summary": "2170644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
},
{
"category": "external",
"summary": "2171935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
},
{
"category": "external",
"summary": "2172217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
},
{
"category": "external",
"summary": "2175827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175827"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1742.json"
}
],
"title": "Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-05-14T22:33:02+00:00",
"generator": {
"date": "2026-05-14T22:33:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2023:1742",
"initial_release_date": "2023-04-12T15:04:47+00:00",
"revision_history": [
{
"date": "2023-04-12T15:04:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-04-12T15:04:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:33:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"product": {
"name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14)",
"product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"product": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14)",
"product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"product": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14)",
"product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"product": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14)",
"product_id": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"product": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14)",
"product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"product": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14)",
"product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"product": {
"name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src (nodejs:14)",
"product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=src\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"product": {
"name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src (nodejs:14)",
"product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=src\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"product": {
"name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src (nodejs:14)",
"product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=src\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"product": {
"name": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch (nodejs:14)",
"product_id": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"product": {
"name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch (nodejs:14)",
"product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=noarch\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"product": {
"name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch (nodejs:14)",
"product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=noarch\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"product": {
"name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14)",
"product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"product": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14)",
"product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"product": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14)",
"product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"product": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14)",
"product_id": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"product": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14)",
"product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"product": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14)",
"product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"product": {
"name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14)",
"product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"product": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14)",
"product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"product": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14)",
"product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"product": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14)",
"product_id": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"product": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14)",
"product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"product": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14)",
"product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"product": {
"name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14)",
"product_id": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"product": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14)",
"product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"product": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14)",
"product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"product": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14)",
"product_id": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"product": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14)",
"product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"product": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14)",
"product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.6.0%2B18532%2Bcbe6f646?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8060020230306170237:ad008a3a"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14"
},
"product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14"
},
"product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14"
},
"product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14"
},
"product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
},
"product_reference": "nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14"
},
"product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14"
},
"product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14"
},
"product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
},
"product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14"
},
"product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14"
},
"product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14"
},
"product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
},
"product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14"
},
"product_reference": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14"
},
"product_reference": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14"
},
"product_reference": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
},
"product_reference": "nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14"
},
"product_reference": "nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14"
},
"product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14"
},
"product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14"
},
"product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
},
"product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14"
},
"product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14"
},
"product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14"
},
"product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14"
},
"product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14"
},
"product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14"
},
"product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14"
},
"product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
},
"product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-35065",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-12-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2156324"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob-parent: Regular Expression Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-35065"
},
{
"category": "external",
"summary": "RHBZ#2156324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294",
"url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
}
],
"release_date": "2022-12-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T15:04:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glob-parent: Regular Expression Denial of Service"
},
{
"cve": "CVE-2021-44531",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2022-01-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2040839"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node.js where it accepted a certificate\u0027s Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Improper handling of URI Subject Alternative Names",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\" with impact LOW.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44531"
},
{
"category": "external",
"summary": "RHBZ#2040839",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040839"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44531",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44531"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
}
],
"release_date": "2022-01-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T15:04:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Improper handling of URI Subject Alternative Names"
},
{
"cve": "CVE-2021-44532",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2022-01-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2040846"
}
],
"notes": [
{
"category": "description",
"text": "It was found that node.js did not safely read the x509 certificate generalName format properly, resulting in data injection. A certificate could use a specially crafted extension in order to be successfully validated, permitting an attacker to impersonate a trusted host.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Certificate Verification Bypass via String Injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\" with impact LOW.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44532"
},
{
"category": "external",
"summary": "RHBZ#2040846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44532",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44532"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532"
}
],
"release_date": "2022-01-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T15:04:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Certificate Verification Bypass via String Injection"
},
{
"cve": "CVE-2021-44533",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2022-01-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2040856"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Incorrect handling of certificate subject and issuer fields",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally, there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore, the Quay component is marked as \"Will not fix\" with impact LOW.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44533"
},
{
"category": "external",
"summary": "RHBZ#2040856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44533"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44533",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44533"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
}
],
"release_date": "2022-01-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T15:04:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Incorrect handling of certificate subject and issuer fields"
},
{
"cve": "CVE-2021-44906",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2066009"
}
],
"notes": [
{
"category": "description",
"text": "An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimist: prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "As minimist is an argument parsing module for nodejs, exploitation of this vulnerability requires an attacker to influence which arguments are passed to nodejs when running a script. Red Hat products and services are designed in such a way that gaining this ability is not trivial. Additionally, the impact is limited by only enabling the pollution of functions, and not all generic objects.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44906"
},
{
"category": "external",
"summary": "RHBZ#2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h"
}
],
"release_date": "2022-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T15:04:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimist: prototype pollution"
},
{
"cve": "CVE-2022-0235",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2022-01-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2044591"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-fetch: exposure of sensitive information to an unauthorized actor",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0235"
},
{
"category": "external",
"summary": "RHBZ#2044591",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/",
"url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/"
}
],
"release_date": "2022-01-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T15:04:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-fetch: exposure of sensitive information to an unauthorized actor"
},
{
"cve": "CVE-2022-3517",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2022-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134609"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-minimatch: ReDoS via the braceExpand function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3517"
},
{
"category": "external",
"summary": "RHBZ#2134609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517"
}
],
"release_date": "2022-02-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T15:04:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-minimatch: ReDoS via the braceExpand function"
},
{
"cve": "CVE-2022-4904",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2023-02-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2168631"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "c-ares: buffer overflow in config_sortlist() due to missing string length check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability is not important but moderate because exploiting the vulnerability can lead to a disruption of the availability of an application, yet doesn\u2019t compromise data integrity or confidentiality. The opportunity for disruption is further limited due to the requirement that an application allows an attacker to be able to input both untrusted and unvalidated data. Exploiting this flaw requires an application to use the library in such a way that would allow untrusted and unvalidated input to be passed directly to ares_set_sortlist by an attacker. In the event that this is able to occur, the impact to RHEL is limited to a crash of the application due to the protections offered by default in RHEL systems such as Stack Smashing Protection (SSP).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4904"
},
{
"category": "external",
"summary": "RHBZ#2168631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904"
},
{
"category": "external",
"summary": "https://github.com/c-ares/c-ares/issues/496",
"url": "https://github.com/c-ares/c-ares/issues/496"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T15:04:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "c-ares: buffer overflow in config_sortlist() due to missing string length check"
},
{
"cve": "CVE-2022-21824",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2022-01-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2040862"
}
],
"notes": [
{
"category": "description",
"text": "Due to the formatting logic of the \"console.table()\" function it was not safe to allow user controlled input to be passed to the \"properties\" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be \"__proto__\". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js \u003e= 12.22.9, \u003e= 14.18.3, \u003e= 16.13.2, and \u003e= 17.3.1 use a null protoype for the object these properties are being assigned to.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Prototype pollution via console.table properties",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\".",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-21824"
},
{
"category": "external",
"summary": "RHBZ#2040862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040862"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-21824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21824"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/",
"url": "https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/"
}
],
"release_date": "2022-01-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T15:04:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Prototype pollution via console.table properties"
},
{
"cve": "CVE-2022-24999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-12-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150323"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: \"qs\" prototype poisoning causes the hang of the node process",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24999"
},
{
"category": "external",
"summary": "RHBZ#2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/releases/tag/4.17.3",
"url": "https://github.com/expressjs/express/releases/tag/4.17.3"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/pull/428",
"url": "https://github.com/ljharb/qs/pull/428"
},
{
"category": "external",
"summary": "https://github.com/n8tz/CVE-2022-24999",
"url": "https://github.com/n8tz/CVE-2022-24999"
}
],
"release_date": "2022-11-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T15:04:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: \"qs\" prototype poisoning causes the hang of the node process"
},
{
"cve": "CVE-2022-25881",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2023-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2165824"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact of a succesfull exploiation of this vulnerability will only lead to a denial of service of the system,furthermore the exploitation will require an attacker to specifically craft a regular expression patterns in request headers (i.e. nontrivial input) that trigger pathological regex behavior but since most systems will have limits on header sizes or input validation that reduce the risk of triggering the extreme pathological regex cases which is why this has been marked as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25881"
},
{
"category": "external",
"summary": "RHBZ#2165824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T15:04:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability"
},
{
"acknowledgments": [
{
"names": [
"VVX7"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-35256",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-09-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2130518"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CLRF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-35256"
},
{
"category": "external",
"summary": "RHBZ#2130518",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-35256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256",
"url": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256"
}
],
"release_date": "2022-09-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T15:04:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields"
},
{
"cve": "CVE-2022-38900",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170644"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "decode-uri-component: improper input validation resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38900"
},
{
"category": "external",
"summary": "RHBZ#2170644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900"
},
{
"category": "external",
"summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5",
"url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
"url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq"
}
],
"release_date": "2022-11-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T15:04:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "decode-uri-component: improper input validation resulting in DoS"
},
{
"cve": "CVE-2022-43548",
"cwe": {
"id": "CWE-350",
"name": "Reliance on Reverse DNS Resolution for a Security-Critical Action"
},
"discovery_date": "2022-11-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2140911"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: DNS rebinding in inspect via invalid octal IP address",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Redhat has marked this vulnerability as moderate for two primary reasons.\n1. The vulnerable inspect functionality might not be enabled, exposed, or reachable in many deployments.\n\n2.The code path might require very specific configurations or conditions (e.g. DNS rebinding, certain host/IP setups) that are rare in default environments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-43548"
},
{
"category": "external",
"summary": "RHBZ#2140911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548",
"url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548"
}
],
"release_date": "2022-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T15:04:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: DNS rebinding in inspect via invalid octal IP address"
},
{
"cve": "CVE-2023-23918",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2171935"
}
],
"notes": [
{
"category": "description",
"text": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Permissions policies can be bypassed via process.mainModule",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in question can only be triggered by an attacker if the victim has enabled --experimental-policy which in many node.js deployments won\u0027t ,which marks the conditions for exploitability outside of the attacker\u0027s control.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-23918"
},
{
"category": "external",
"summary": "RHBZ#2171935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
}
],
"release_date": "2023-02-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T15:04:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1742"
},
{
"category": "workaround",
"details": "Turn off the --experimental-policy in your Node.js deployment.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Permissions policies can be bypassed via process.mainModule"
},
{
"cve": "CVE-2023-23920",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172217"
}
],
"notes": [
{
"category": "description",
"text": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: insecure loading of ICU data through ICU_DATA environment variable",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-23920"
},
{
"category": "external",
"summary": "RHBZ#2172217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
}
],
"release_date": "2023-02-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-04-12T15:04:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1742"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.6.0+18532+cbe6f646.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.6.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.aarch64::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.ppc64le::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.s390x::nodejs:14",
"AppStream-8.6.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.6.0+18532+cbe6f646.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Node.js: insecure loading of ICU data through ICU_DATA environment variable"
}
]
}
RHSA-2023:3265
Vulnerability from csaf_redhat - Published: 2023-05-23 09:17 - Updated: 2026-03-19 23:59Summary
Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.12.3 Security and Bug fix update
Severity
Moderate
Notes
Topic: Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3-compatible API.
Security Fix(es):
* jsonwebtoken: Unrestricted key type could lead to legacy keys usagen (CVE-2022-23539)
* express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Previously, odf-csi-addons-operator had low memory resource limit and as a result the odf-csi-addons-operator pod was OOMKilled (out of memory). With this fix, the default memory and the CPU resource limit has been increased and odf-csi-addons-operator OOMKills are not observed. (BZ#2177184)
* Previously, non optimized database related flows on deletions caused Multicloud Object Gateway to spike in CPU usage and perform slowly on mass delete scenarios. For example, reclaiming a deleted object bucket claim (OBC). With this fix, indexes for the bucket reclaimer process are optimized, a new index is added to the database to speed up the database cleaner flows, and bucket reclaimer changes are introduced to work on batches of objects. (BZ#2186482)
* Previously, the list of regions for creating the default Multicloud Object Gateway backing store on AWS did not have the new regions that were added recently to AWS. With this fix, the new regions are included to the list of regions and it is possible to deploy default backing store on the new regions. (BZ#2187637)
* Previously, creating a storage system in OpenShift Data Foundation using an external Ceph cluster would fail if the RADOS block device (RBD) pool name contained an underscore (_) or a period(.). With this fix, the Python script (`ceph-external-cluster-details-exporter.py`) is enhanced to contain underscore (_) and period (.) so that an alias for the RBD pool names can be passed in. This alias allows the OpenShift Data Foundation to adopt an external Ceph cluster with RBD pool names containing an underscore(_) or a period(.). (BZ#2188379)
All users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide these bug fixes.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the jsonwebtoken package. The affected versions of the `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm.
8.1 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:22cd2909e1b21b9ab56dc491fefb309a8a9088d85c928901b293267bb4efa6c7_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:5e7b40a8f03ee5a607eb911b2fe731c9fe65bfa8a54067c0987d94f02ff8bef9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:e0c221ae29034b17db88998d4703a1d515778d17a8ce40737fa711fad2726c5c_amd64 | — |
Vendor Fix
fix
|
Known not affected
66 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:55c1cdf2a7c32c5e32eb2ff3372bbb3b46e3b2da39cca535db32a7aefbbb73a6_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:659ceb51c00824013f07d159bd689433ce41068f010b006047b750f75f134cb2_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:db90c6bf02b4e7b40538ed52ee4e3d27733c24bf434610277b26b2ee5ae32f53_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:0d03a74a889701f101ec0b3d454a8ad133a58a020b05e84addbd0c0393c62b45_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:b20a7b4b7e31cbb0edac695572c6ea28075e260a8c68b6135a9dd25af2dc3460_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:bf058dd17e1f5b3c5b2ac4ea900eaf5fdd383564430aa6d0eaf0a7ae43f4feb7_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:2a393d0fe0de3da3358b578b123283f21b2433c6d50f1c512a48732409d11fce_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:7c84f6197194047448c2d39d7d880555baf521d9c462e23b5342652eebcee3ec_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:cd09a1ccd0b8795385d965ccf2910c231ee5f08c7d62ef4725a59b553192595a_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:0d4efd40efb2fbac2fd4b31e08ec36ddc2a5c7a558f83a1a1b41ab27be8c71c6_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:25252d3fabe165984b424b74437c428dc4f635aba06e245b3a1cc5e309bdf9df_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:572921e5851d187787f22b25f349dee75d0383e959440372a159acc8dd7c17a1_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:0f05a9eb9f6528447456ffab6f86a354990745c7d994095b4c9fa8a9748159ea_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:7d55b8c8f830ef6e54078ad66c79b69e356d2e4cd391f60db6be473033f299a5_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:ed6b5f49ec14f96b5be3b1e858648a613278713ca3e413b4172e6f57c5922d2f_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:39c37b2a5cb55ca71c823b74f0b4c75ac61ef88d7f22c7abadc9b1ef5d077b20_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:6d4dbcdd641b71ef7e6c6269a8a706fddaa2d137ca5e2d07c29766e620de205f_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:7c4ab2dca6e1ebc5b89014e4ec253e19473d6ae44f0d150dd8e7d22458056300_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:68992b4619ea57b8ab612278c1a02782b855b57bd436ae2c2395b6c55211d816_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:89a3457444d77fcc15546138ad259e2ccb29bfd7007dcb3dc3639c5a47c799c3_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:fa7d06a3c4204ee865eb284393faefacdd2113fa5bdb7412c3b7b6473852832b_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:5a7bc8abfd378a1314ebea571ba0483abaca80867fe7fdc1d0cb99772981a503_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:ace10d33f03530bad02e5f5aade65ebdb78e42e664a62595e510d4edabd64f60_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:d4bec711f42d23753357d1e73be1e35d6781424d22b295371d9622dccc0b33aa_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:b9d941ef97de91ce2c67405c956f308ac39a966f88901cb7299c7d32f15fc1f6_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:c5bb36336e3280dbc6fe2f969c73f40f31fbdfecf89e55b0bb8d2b83fa579644_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:e5ca033f2b87a40dc028df91b14c5fd92342f6599ff07b08b0c5a7f06b9e3257_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:6f1fc5945bafbf023825d576e2994f484eff88c7c34fcbd8a2234a7b144b42c1_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:7918fcabebe3d881e2a6bbcb424ac6b99bd96f13775eb3f9c455b7890c728873_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:b3d6539df6ca21e8bfb772991cf1c0103ad20388159996e83f6f400a64d93a89_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:5c7ff483da2eb34694a59d2826d0e18309aff8f254650008ecfb5c03629d9442_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:b1fad19bb8ed92f5340ba5cfaa2c6f435831712d384e0c222bb997cbb811c4be_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:c58240dff0db8328d56d36fd2bcdcdfdb43ebaebbe445628150e6e6079439ae6_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:3245c50b363c3cadf2758934e273ffe8fcac489a303d2c39afea79abac1b52fb_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:40c893b1ee61cb6f174da357578299bf21e26fd1dca73fc4d0664da564df84f1_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:f6a9c322c4dff132bbf01d1fc088a5988b5174ca953054c7d722bbd837b7d23b_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:06b915bf990e0a8b3679ad5fab4a98c155b02a88110d47429fc26c4b7fc54ca0_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:8f812808ce2767198968eb49004d1d0a6b70cb5ad19f306e78c84c1aa7b3775c_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:ceaafe96af89589eb486ba74733e34ee3e202c346aad2773ed70d707ad7e2d42_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:390481a9f0f0769056df89f5ce3cb2fbbeadf0e2f8d44469f68a9291e2d9fa48_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:9eafc473d37d35fe5a84b36b8d3bf9876f529efd8b37ef4ff738cecb8b0f5389_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:c6984aabd7dae84be1a3b114ca36d4cdc655b271000540709ce978ad4e3e7159_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:2afd8dc3f15a7eadad49f3c18d00ef9136dbf59f26e5b8345b16f92233dbd352_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:4e36ce74a62b99f65ff1ce1a6b228ea34b5f6a18a5aad490ac2316ae141f4f2a_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:b4aaf641c7117bea99bcf3bb2f58409935b22e72039105c5aa3f086f04775f7b_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:2d18752f56076d91b6fcbdad4e934cada87ba270532c522e7da2239f5b6f6d7d_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:ce78718d4271a615f37066af652439409f7e7dcf2c5734185a3961c8e83ac4b4_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:d3e3b0788e28b8c82b770b2db622f2d9dfa83ac2b3f7a4e37742565089dc8fd8_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:75bab2b59593c31c4ae170b02f45ab193f8b5fb37eae53998bd2069662fc0efc_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:a912aa614bfd273fb6e6da47c32d00ca5aa4a45af3edfeb5f9f870ba4797a5ec_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:f6182960abfce0ccb509a25ab8fb8780a8e2d73852d589e8295c16d992bb2ff6_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:1e3deb6461dae99c94b20f70e4c155551e8579287c1696f752a89c8098953f8d_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:cd5ed37c3bd5ad385a3a88dc290456dbde3ba6af2501750a3d1ce25d40e82401_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:f53714b582b603bc851349cc4804f27235940fd577ed5b86ccad836a31ddc3fb_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:78a8b463c8d4161b556c821210eae69243fc73ceb90db49f4ca055a38acde6e0_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:7c89ebe7245e3514f6e63d1eca3247b0922e88d232b41c43245d2594e29b27d7_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:8e0d79006984c3501ea066054cca610b92c109183ae13969c0e81ee03acedc84_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:2d884bb224a503deb344ac6a4895d6a6d0fe5ab364651eecf923204507c9c92b_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:666c7cec9f2fd6d91b1839fd85576d84d0856a03b27e341e12f9c28ad301f594_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:c143b2cb9690b850b28d2f5c5394d5e4abefd5404fb41a17c5106058ff241286_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:79b66652c0aea87822f578c55963ca948b2e1697caad5ea460e6555a78136039_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:aa26f97020ed13ab7092b7a0aa05458a8775e4b4e936e4b9df9a96297df1f5b8_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:eafa31da6f87efcf476ab63d3b11ed8c7a42e67ef42a2494e70a5fe085e40438_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:198645ebf6a69810821c2d7644347b8abf918d89bbc2fcfc880ec28e924598f2_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:460433c554ff60bbac0b3dd267c6a0ab65c4837df3b2e5052e86f6e9145833ee_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:72c63ded186464f185d399145e25ed21ea1a07c52ab842eebdaff224cc2e7998_s390x | — |
Threats
Impact
Moderate
A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:22cd2909e1b21b9ab56dc491fefb309a8a9088d85c928901b293267bb4efa6c7_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:5e7b40a8f03ee5a607eb911b2fe731c9fe65bfa8a54067c0987d94f02ff8bef9_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:e0c221ae29034b17db88998d4703a1d515778d17a8ce40737fa711fad2726c5c_amd64 | — |
Vendor Fix
fix
|
Known not affected
66 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:55c1cdf2a7c32c5e32eb2ff3372bbb3b46e3b2da39cca535db32a7aefbbb73a6_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:659ceb51c00824013f07d159bd689433ce41068f010b006047b750f75f134cb2_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:db90c6bf02b4e7b40538ed52ee4e3d27733c24bf434610277b26b2ee5ae32f53_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:0d03a74a889701f101ec0b3d454a8ad133a58a020b05e84addbd0c0393c62b45_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:b20a7b4b7e31cbb0edac695572c6ea28075e260a8c68b6135a9dd25af2dc3460_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:bf058dd17e1f5b3c5b2ac4ea900eaf5fdd383564430aa6d0eaf0a7ae43f4feb7_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:2a393d0fe0de3da3358b578b123283f21b2433c6d50f1c512a48732409d11fce_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:7c84f6197194047448c2d39d7d880555baf521d9c462e23b5342652eebcee3ec_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:cd09a1ccd0b8795385d965ccf2910c231ee5f08c7d62ef4725a59b553192595a_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:0d4efd40efb2fbac2fd4b31e08ec36ddc2a5c7a558f83a1a1b41ab27be8c71c6_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:25252d3fabe165984b424b74437c428dc4f635aba06e245b3a1cc5e309bdf9df_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:572921e5851d187787f22b25f349dee75d0383e959440372a159acc8dd7c17a1_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:0f05a9eb9f6528447456ffab6f86a354990745c7d994095b4c9fa8a9748159ea_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:7d55b8c8f830ef6e54078ad66c79b69e356d2e4cd391f60db6be473033f299a5_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:ed6b5f49ec14f96b5be3b1e858648a613278713ca3e413b4172e6f57c5922d2f_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:39c37b2a5cb55ca71c823b74f0b4c75ac61ef88d7f22c7abadc9b1ef5d077b20_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:6d4dbcdd641b71ef7e6c6269a8a706fddaa2d137ca5e2d07c29766e620de205f_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:7c4ab2dca6e1ebc5b89014e4ec253e19473d6ae44f0d150dd8e7d22458056300_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:68992b4619ea57b8ab612278c1a02782b855b57bd436ae2c2395b6c55211d816_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:89a3457444d77fcc15546138ad259e2ccb29bfd7007dcb3dc3639c5a47c799c3_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:fa7d06a3c4204ee865eb284393faefacdd2113fa5bdb7412c3b7b6473852832b_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:5a7bc8abfd378a1314ebea571ba0483abaca80867fe7fdc1d0cb99772981a503_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:ace10d33f03530bad02e5f5aade65ebdb78e42e664a62595e510d4edabd64f60_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:d4bec711f42d23753357d1e73be1e35d6781424d22b295371d9622dccc0b33aa_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:b9d941ef97de91ce2c67405c956f308ac39a966f88901cb7299c7d32f15fc1f6_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:c5bb36336e3280dbc6fe2f969c73f40f31fbdfecf89e55b0bb8d2b83fa579644_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:e5ca033f2b87a40dc028df91b14c5fd92342f6599ff07b08b0c5a7f06b9e3257_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:6f1fc5945bafbf023825d576e2994f484eff88c7c34fcbd8a2234a7b144b42c1_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:7918fcabebe3d881e2a6bbcb424ac6b99bd96f13775eb3f9c455b7890c728873_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:b3d6539df6ca21e8bfb772991cf1c0103ad20388159996e83f6f400a64d93a89_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:5c7ff483da2eb34694a59d2826d0e18309aff8f254650008ecfb5c03629d9442_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:b1fad19bb8ed92f5340ba5cfaa2c6f435831712d384e0c222bb997cbb811c4be_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:c58240dff0db8328d56d36fd2bcdcdfdb43ebaebbe445628150e6e6079439ae6_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:3245c50b363c3cadf2758934e273ffe8fcac489a303d2c39afea79abac1b52fb_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:40c893b1ee61cb6f174da357578299bf21e26fd1dca73fc4d0664da564df84f1_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:f6a9c322c4dff132bbf01d1fc088a5988b5174ca953054c7d722bbd837b7d23b_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:06b915bf990e0a8b3679ad5fab4a98c155b02a88110d47429fc26c4b7fc54ca0_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:8f812808ce2767198968eb49004d1d0a6b70cb5ad19f306e78c84c1aa7b3775c_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:ceaafe96af89589eb486ba74733e34ee3e202c346aad2773ed70d707ad7e2d42_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:390481a9f0f0769056df89f5ce3cb2fbbeadf0e2f8d44469f68a9291e2d9fa48_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:9eafc473d37d35fe5a84b36b8d3bf9876f529efd8b37ef4ff738cecb8b0f5389_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:c6984aabd7dae84be1a3b114ca36d4cdc655b271000540709ce978ad4e3e7159_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:2afd8dc3f15a7eadad49f3c18d00ef9136dbf59f26e5b8345b16f92233dbd352_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:4e36ce74a62b99f65ff1ce1a6b228ea34b5f6a18a5aad490ac2316ae141f4f2a_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:b4aaf641c7117bea99bcf3bb2f58409935b22e72039105c5aa3f086f04775f7b_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:2d18752f56076d91b6fcbdad4e934cada87ba270532c522e7da2239f5b6f6d7d_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:ce78718d4271a615f37066af652439409f7e7dcf2c5734185a3961c8e83ac4b4_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:d3e3b0788e28b8c82b770b2db622f2d9dfa83ac2b3f7a4e37742565089dc8fd8_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:75bab2b59593c31c4ae170b02f45ab193f8b5fb37eae53998bd2069662fc0efc_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:a912aa614bfd273fb6e6da47c32d00ca5aa4a45af3edfeb5f9f870ba4797a5ec_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:f6182960abfce0ccb509a25ab8fb8780a8e2d73852d589e8295c16d992bb2ff6_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:1e3deb6461dae99c94b20f70e4c155551e8579287c1696f752a89c8098953f8d_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:cd5ed37c3bd5ad385a3a88dc290456dbde3ba6af2501750a3d1ce25d40e82401_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:f53714b582b603bc851349cc4804f27235940fd577ed5b86ccad836a31ddc3fb_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:78a8b463c8d4161b556c821210eae69243fc73ceb90db49f4ca055a38acde6e0_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:7c89ebe7245e3514f6e63d1eca3247b0922e88d232b41c43245d2594e29b27d7_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:8e0d79006984c3501ea066054cca610b92c109183ae13969c0e81ee03acedc84_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:2d884bb224a503deb344ac6a4895d6a6d0fe5ab364651eecf923204507c9c92b_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:666c7cec9f2fd6d91b1839fd85576d84d0856a03b27e341e12f9c28ad301f594_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:c143b2cb9690b850b28d2f5c5394d5e4abefd5404fb41a17c5106058ff241286_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:79b66652c0aea87822f578c55963ca948b2e1697caad5ea460e6555a78136039_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:aa26f97020ed13ab7092b7a0aa05458a8775e4b4e936e4b9df9a96297df1f5b8_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:eafa31da6f87efcf476ab63d3b11ed8c7a42e67ef42a2494e70a5fe085e40438_s390x | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:198645ebf6a69810821c2d7644347b8abf918d89bbc2fcfc880ec28e924598f2_ppc64le | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:460433c554ff60bbac0b3dd267c6a0ab65c4837df3b2e5052e86f6e9145833ee_amd64 | — | ||
| Unresolved product id: 8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:72c63ded186464f185d399145e25ed21ea1a07c52ab842eebdaff224cc2e7998_s390x | — |
Threats
Impact
Moderate
References
38 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.12.3 on Red Hat Enterprise Linux 8 from Red Hat Container Registry.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multi-cloud data management service with an S3-compatible API.\n\nSecurity Fix(es):\n\n* jsonwebtoken: Unrestricted key type could lead to legacy keys usagen (CVE-2022-23539)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Previously, odf-csi-addons-operator had low memory resource limit and as a result the odf-csi-addons-operator pod was OOMKilled (out of memory). With this fix, the default memory and the CPU resource limit has been increased and odf-csi-addons-operator OOMKills are not observed. (BZ#2177184)\n\n* Previously, non optimized database related flows on deletions caused Multicloud Object Gateway to spike in CPU usage and perform slowly on mass delete scenarios. For example, reclaiming a deleted object bucket claim (OBC). With this fix, indexes for the bucket reclaimer process are optimized, a new index is added to the database to speed up the database cleaner flows, and bucket reclaimer changes are introduced to work on batches of objects. (BZ#2186482)\n\n* Previously, the list of regions for creating the default Multicloud Object Gateway backing store on AWS did not have the new regions that were added recently to AWS. With this fix, the new regions are included to the list of regions and it is possible to deploy default backing store on the new regions. (BZ#2187637)\n\n* Previously, creating a storage system in OpenShift Data Foundation using an external Ceph cluster would fail if the RADOS block device (RBD) pool name contained an underscore (_) or a period(.). With this fix, the Python script (`ceph-external-cluster-details-exporter.py`) is enhanced to contain underscore (_) and period (.) so that an alias for the RBD pool names can be passed in. This alias allows the OpenShift Data Foundation to adopt an external Ceph cluster with RBD pool names containing an underscore(_) or a period(.). (BZ#2188379)\n\nAll users of Red Hat OpenShift Data Foundation are advised to upgrade to these updated images, which provide these bug fixes.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3265",
"url": "https://access.redhat.com/errata/RHSA-2023:3265"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "2155978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155978"
},
{
"category": "external",
"summary": "2167304",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167304"
},
{
"category": "external",
"summary": "2174336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2174336"
},
{
"category": "external",
"summary": "2177184",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2177184"
},
{
"category": "external",
"summary": "2179235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179235"
},
{
"category": "external",
"summary": "2180685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180685"
},
{
"category": "external",
"summary": "2180724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2180724"
},
{
"category": "external",
"summary": "2183687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2183687"
},
{
"category": "external",
"summary": "2185190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185190"
},
{
"category": "external",
"summary": "2185725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2185725"
},
{
"category": "external",
"summary": "2186443",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186443"
},
{
"category": "external",
"summary": "2186482",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2186482"
},
{
"category": "external",
"summary": "2187765",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187765"
},
{
"category": "external",
"summary": "2187796",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187796"
},
{
"category": "external",
"summary": "2187799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2187799"
},
{
"category": "external",
"summary": "2188228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188228"
},
{
"category": "external",
"summary": "2188327",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188327"
},
{
"category": "external",
"summary": "2188667",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188667"
},
{
"category": "external",
"summary": "2190005",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2190005"
},
{
"category": "external",
"summary": "2190140",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2190140"
},
{
"category": "external",
"summary": "2190393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2190393"
},
{
"category": "external",
"summary": "2192821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192821"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3265.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.12.3 Security and Bug fix update",
"tracking": {
"current_release_date": "2026-03-19T23:59:02+00:00",
"generator": {
"date": "2026-03-19T23:59:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2023:3265",
"initial_release_date": "2023-05-23T09:17:22+00:00",
"revision_history": [
{
"date": "2023-05-23T09:17:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-05-23T09:17:22+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-19T23:59:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHODF 4.12 for RHEL 8",
"product": {
"name": "RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_data_foundation:4.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Data Foundation"
},
{
"branches": [
{
"category": "product_version",
"name": "odf4/cephcsi-rhel8@sha256:db90c6bf02b4e7b40538ed52ee4e3d27733c24bf434610277b26b2ee5ae32f53_amd64",
"product": {
"name": "odf4/cephcsi-rhel8@sha256:db90c6bf02b4e7b40538ed52ee4e3d27733c24bf434610277b26b2ee5ae32f53_amd64",
"product_id": "odf4/cephcsi-rhel8@sha256:db90c6bf02b4e7b40538ed52ee4e3d27733c24bf434610277b26b2ee5ae32f53_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:db90c6bf02b4e7b40538ed52ee4e3d27733c24bf434610277b26b2ee5ae32f53?arch=amd64\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.12.3-3"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-core-rhel8@sha256:e0c221ae29034b17db88998d4703a1d515778d17a8ce40737fa711fad2726c5c_amd64",
"product": {
"name": "odf4/mcg-core-rhel8@sha256:e0c221ae29034b17db88998d4703a1d515778d17a8ce40737fa711fad2726c5c_amd64",
"product_id": "odf4/mcg-core-rhel8@sha256:e0c221ae29034b17db88998d4703a1d515778d17a8ce40737fa711fad2726c5c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:e0c221ae29034b17db88998d4703a1d515778d17a8ce40737fa711fad2726c5c?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.12.3-4"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-operator-bundle@sha256:0d03a74a889701f101ec0b3d454a8ad133a58a020b05e84addbd0c0393c62b45_amd64",
"product": {
"name": "odf4/mcg-operator-bundle@sha256:0d03a74a889701f101ec0b3d454a8ad133a58a020b05e84addbd0c0393c62b45_amd64",
"product_id": "odf4/mcg-operator-bundle@sha256:0d03a74a889701f101ec0b3d454a8ad133a58a020b05e84addbd0c0393c62b45_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256:0d03a74a889701f101ec0b3d454a8ad133a58a020b05e84addbd0c0393c62b45?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-rhel8-operator@sha256:cd09a1ccd0b8795385d965ccf2910c231ee5f08c7d62ef4725a59b553192595a_amd64",
"product": {
"name": "odf4/mcg-rhel8-operator@sha256:cd09a1ccd0b8795385d965ccf2910c231ee5f08c7d62ef4725a59b553192595a_amd64",
"product_id": "odf4/mcg-rhel8-operator@sha256:cd09a1ccd0b8795385d965ccf2910c231ee5f08c7d62ef4725a59b553192595a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:cd09a1ccd0b8795385d965ccf2910c231ee5f08c7d62ef4725a59b553192595a?arch=amd64\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.12.3-3"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-client-operator-bundle@sha256:572921e5851d187787f22b25f349dee75d0383e959440372a159acc8dd7c17a1_amd64",
"product": {
"name": "odf4/ocs-client-operator-bundle@sha256:572921e5851d187787f22b25f349dee75d0383e959440372a159acc8dd7c17a1_amd64",
"product_id": "odf4/ocs-client-operator-bundle@sha256:572921e5851d187787f22b25f349dee75d0383e959440372a159acc8dd7c17a1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-operator-bundle@sha256:572921e5851d187787f22b25f349dee75d0383e959440372a159acc8dd7c17a1?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-client-rhel8-operator@sha256:0f05a9eb9f6528447456ffab6f86a354990745c7d994095b4c9fa8a9748159ea_amd64",
"product": {
"name": "odf4/ocs-client-rhel8-operator@sha256:0f05a9eb9f6528447456ffab6f86a354990745c7d994095b4c9fa8a9748159ea_amd64",
"product_id": "odf4/ocs-client-rhel8-operator@sha256:0f05a9eb9f6528447456ffab6f86a354990745c7d994095b4c9fa8a9748159ea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel8-operator@sha256:0f05a9eb9f6528447456ffab6f86a354990745c7d994095b4c9fa8a9748159ea?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-client-rhel8-operator\u0026tag=v4.12.3-2"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:39c37b2a5cb55ca71c823b74f0b4c75ac61ef88d7f22c7abadc9b1ef5d077b20_amd64",
"product": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:39c37b2a5cb55ca71c823b74f0b4c75ac61ef88d7f22c7abadc9b1ef5d077b20_amd64",
"product_id": "odf4/ocs-metrics-exporter-rhel8@sha256:39c37b2a5cb55ca71c823b74f0b4c75ac61ef88d7f22c7abadc9b1ef5d077b20_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel8@sha256:39c37b2a5cb55ca71c823b74f0b4c75ac61ef88d7f22c7abadc9b1ef5d077b20?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel8\u0026tag=v4.12.3-5"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-must-gather-rhel8@sha256:fa7d06a3c4204ee865eb284393faefacdd2113fa5bdb7412c3b7b6473852832b_amd64",
"product": {
"name": "odf4/ocs-must-gather-rhel8@sha256:fa7d06a3c4204ee865eb284393faefacdd2113fa5bdb7412c3b7b6473852832b_amd64",
"product_id": "odf4/ocs-must-gather-rhel8@sha256:fa7d06a3c4204ee865eb284393faefacdd2113fa5bdb7412c3b7b6473852832b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:fa7d06a3c4204ee865eb284393faefacdd2113fa5bdb7412c3b7b6473852832b?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.12.3-5"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-operator-bundle@sha256:ace10d33f03530bad02e5f5aade65ebdb78e42e664a62595e510d4edabd64f60_amd64",
"product": {
"name": "odf4/ocs-operator-bundle@sha256:ace10d33f03530bad02e5f5aade65ebdb78e42e664a62595e510d4edabd64f60_amd64",
"product_id": "odf4/ocs-operator-bundle@sha256:ace10d33f03530bad02e5f5aade65ebdb78e42e664a62595e510d4edabd64f60_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:ace10d33f03530bad02e5f5aade65ebdb78e42e664a62595e510d4edabd64f60?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-rhel8-operator@sha256:b9d941ef97de91ce2c67405c956f308ac39a966f88901cb7299c7d32f15fc1f6_amd64",
"product": {
"name": "odf4/ocs-rhel8-operator@sha256:b9d941ef97de91ce2c67405c956f308ac39a966f88901cb7299c7d32f15fc1f6_amd64",
"product_id": "odf4/ocs-rhel8-operator@sha256:b9d941ef97de91ce2c67405c956f308ac39a966f88901cb7299c7d32f15fc1f6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:b9d941ef97de91ce2c67405c956f308ac39a966f88901cb7299c7d32f15fc1f6?arch=amd64\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.12.3-5"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-console-rhel8@sha256:7918fcabebe3d881e2a6bbcb424ac6b99bd96f13775eb3f9c455b7890c728873_amd64",
"product": {
"name": "odf4/odf-console-rhel8@sha256:7918fcabebe3d881e2a6bbcb424ac6b99bd96f13775eb3f9c455b7890c728873_amd64",
"product_id": "odf4/odf-console-rhel8@sha256:7918fcabebe3d881e2a6bbcb424ac6b99bd96f13775eb3f9c455b7890c728873_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel8@sha256:7918fcabebe3d881e2a6bbcb424ac6b99bd96f13775eb3f9c455b7890c728873?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.12.3-2"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-operator-bundle@sha256:5c7ff483da2eb34694a59d2826d0e18309aff8f254650008ecfb5c03629d9442_amd64",
"product": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:5c7ff483da2eb34694a59d2826d0e18309aff8f254650008ecfb5c03629d9442_amd64",
"product_id": "odf4/odf-csi-addons-operator-bundle@sha256:5c7ff483da2eb34694a59d2826d0e18309aff8f254650008ecfb5c03629d9442_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:5c7ff483da2eb34694a59d2826d0e18309aff8f254650008ecfb5c03629d9442?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:40c893b1ee61cb6f174da357578299bf21e26fd1dca73fc4d0664da564df84f1_amd64",
"product": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:40c893b1ee61cb6f174da357578299bf21e26fd1dca73fc4d0664da564df84f1_amd64",
"product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:40c893b1ee61cb6f174da357578299bf21e26fd1dca73fc4d0664da564df84f1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:40c893b1ee61cb6f174da357578299bf21e26fd1dca73fc4d0664da564df84f1?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.12.3-3"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:ceaafe96af89589eb486ba74733e34ee3e202c346aad2773ed70d707ad7e2d42_amd64",
"product": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:ceaafe96af89589eb486ba74733e34ee3e202c346aad2773ed70d707ad7e2d42_amd64",
"product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:ceaafe96af89589eb486ba74733e34ee3e202c346aad2773ed70d707ad7e2d42_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:ceaafe96af89589eb486ba74733e34ee3e202c346aad2773ed70d707ad7e2d42?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.12.3-3"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-console-rhel8@sha256:c6984aabd7dae84be1a3b114ca36d4cdc655b271000540709ce978ad4e3e7159_amd64",
"product": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:c6984aabd7dae84be1a3b114ca36d4cdc655b271000540709ce978ad4e3e7159_amd64",
"product_id": "odf4/odf-multicluster-console-rhel8@sha256:c6984aabd7dae84be1a3b114ca36d4cdc655b271000540709ce978ad4e3e7159_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel8@sha256:c6984aabd7dae84be1a3b114ca36d4cdc655b271000540709ce978ad4e3e7159?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel8\u0026tag=v4.12.3-2"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-operator-bundle@sha256:b4aaf641c7117bea99bcf3bb2f58409935b22e72039105c5aa3f086f04775f7b_amd64",
"product": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:b4aaf641c7117bea99bcf3bb2f58409935b22e72039105c5aa3f086f04775f7b_amd64",
"product_id": "odf4/odf-multicluster-operator-bundle@sha256:b4aaf641c7117bea99bcf3bb2f58409935b22e72039105c5aa3f086f04775f7b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:b4aaf641c7117bea99bcf3bb2f58409935b22e72039105c5aa3f086f04775f7b?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-rhel8-operator@sha256:d3e3b0788e28b8c82b770b2db622f2d9dfa83ac2b3f7a4e37742565089dc8fd8_amd64",
"product": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:d3e3b0788e28b8c82b770b2db622f2d9dfa83ac2b3f7a4e37742565089dc8fd8_amd64",
"product_id": "odf4/odf-multicluster-rhel8-operator@sha256:d3e3b0788e28b8c82b770b2db622f2d9dfa83ac2b3f7a4e37742565089dc8fd8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:d3e3b0788e28b8c82b770b2db622f2d9dfa83ac2b3f7a4e37742565089dc8fd8?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.12.3-3"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-operator-bundle@sha256:f6182960abfce0ccb509a25ab8fb8780a8e2d73852d589e8295c16d992bb2ff6_amd64",
"product": {
"name": "odf4/odf-operator-bundle@sha256:f6182960abfce0ccb509a25ab8fb8780a8e2d73852d589e8295c16d992bb2ff6_amd64",
"product_id": "odf4/odf-operator-bundle@sha256:f6182960abfce0ccb509a25ab8fb8780a8e2d73852d589e8295c16d992bb2ff6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256:f6182960abfce0ccb509a25ab8fb8780a8e2d73852d589e8295c16d992bb2ff6?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-rhel8-operator@sha256:cd5ed37c3bd5ad385a3a88dc290456dbde3ba6af2501750a3d1ce25d40e82401_amd64",
"product": {
"name": "odf4/odf-rhel8-operator@sha256:cd5ed37c3bd5ad385a3a88dc290456dbde3ba6af2501750a3d1ce25d40e82401_amd64",
"product_id": "odf4/odf-rhel8-operator@sha256:cd5ed37c3bd5ad385a3a88dc290456dbde3ba6af2501750a3d1ce25d40e82401_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel8-operator@sha256:cd5ed37c3bd5ad385a3a88dc290456dbde3ba6af2501750a3d1ce25d40e82401?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.12.3-3"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-cluster-operator-bundle@sha256:8e0d79006984c3501ea066054cca610b92c109183ae13969c0e81ee03acedc84_amd64",
"product": {
"name": "odf4/odr-cluster-operator-bundle@sha256:8e0d79006984c3501ea066054cca610b92c109183ae13969c0e81ee03acedc84_amd64",
"product_id": "odf4/odr-cluster-operator-bundle@sha256:8e0d79006984c3501ea066054cca610b92c109183ae13969c0e81ee03acedc84_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256:8e0d79006984c3501ea066054cca610b92c109183ae13969c0e81ee03acedc84?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-hub-operator-bundle@sha256:666c7cec9f2fd6d91b1839fd85576d84d0856a03b27e341e12f9c28ad301f594_amd64",
"product": {
"name": "odf4/odr-hub-operator-bundle@sha256:666c7cec9f2fd6d91b1839fd85576d84d0856a03b27e341e12f9c28ad301f594_amd64",
"product_id": "odf4/odr-hub-operator-bundle@sha256:666c7cec9f2fd6d91b1839fd85576d84d0856a03b27e341e12f9c28ad301f594_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256:666c7cec9f2fd6d91b1839fd85576d84d0856a03b27e341e12f9c28ad301f594?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-rhel8-operator@sha256:79b66652c0aea87822f578c55963ca948b2e1697caad5ea460e6555a78136039_amd64",
"product": {
"name": "odf4/odr-rhel8-operator@sha256:79b66652c0aea87822f578c55963ca948b2e1697caad5ea460e6555a78136039_amd64",
"product_id": "odf4/odr-rhel8-operator@sha256:79b66652c0aea87822f578c55963ca948b2e1697caad5ea460e6555a78136039_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel8-operator@sha256:79b66652c0aea87822f578c55963ca948b2e1697caad5ea460e6555a78136039?arch=amd64\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.12.3-2"
}
}
},
{
"category": "product_version",
"name": "odf4/rook-ceph-rhel8-operator@sha256:460433c554ff60bbac0b3dd267c6a0ab65c4837df3b2e5052e86f6e9145833ee_amd64",
"product": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:460433c554ff60bbac0b3dd267c6a0ab65c4837df3b2e5052e86f6e9145833ee_amd64",
"product_id": "odf4/rook-ceph-rhel8-operator@sha256:460433c554ff60bbac0b3dd267c6a0ab65c4837df3b2e5052e86f6e9145833ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:460433c554ff60bbac0b3dd267c6a0ab65c4837df3b2e5052e86f6e9145833ee?arch=amd64\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.12.3-7"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "odf4/cephcsi-rhel8@sha256:55c1cdf2a7c32c5e32eb2ff3372bbb3b46e3b2da39cca535db32a7aefbbb73a6_ppc64le",
"product": {
"name": "odf4/cephcsi-rhel8@sha256:55c1cdf2a7c32c5e32eb2ff3372bbb3b46e3b2da39cca535db32a7aefbbb73a6_ppc64le",
"product_id": "odf4/cephcsi-rhel8@sha256:55c1cdf2a7c32c5e32eb2ff3372bbb3b46e3b2da39cca535db32a7aefbbb73a6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:55c1cdf2a7c32c5e32eb2ff3372bbb3b46e3b2da39cca535db32a7aefbbb73a6?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.12.3-3"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-core-rhel8@sha256:22cd2909e1b21b9ab56dc491fefb309a8a9088d85c928901b293267bb4efa6c7_ppc64le",
"product": {
"name": "odf4/mcg-core-rhel8@sha256:22cd2909e1b21b9ab56dc491fefb309a8a9088d85c928901b293267bb4efa6c7_ppc64le",
"product_id": "odf4/mcg-core-rhel8@sha256:22cd2909e1b21b9ab56dc491fefb309a8a9088d85c928901b293267bb4efa6c7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:22cd2909e1b21b9ab56dc491fefb309a8a9088d85c928901b293267bb4efa6c7?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.12.3-4"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-operator-bundle@sha256:bf058dd17e1f5b3c5b2ac4ea900eaf5fdd383564430aa6d0eaf0a7ae43f4feb7_ppc64le",
"product": {
"name": "odf4/mcg-operator-bundle@sha256:bf058dd17e1f5b3c5b2ac4ea900eaf5fdd383564430aa6d0eaf0a7ae43f4feb7_ppc64le",
"product_id": "odf4/mcg-operator-bundle@sha256:bf058dd17e1f5b3c5b2ac4ea900eaf5fdd383564430aa6d0eaf0a7ae43f4feb7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256:bf058dd17e1f5b3c5b2ac4ea900eaf5fdd383564430aa6d0eaf0a7ae43f4feb7?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-rhel8-operator@sha256:2a393d0fe0de3da3358b578b123283f21b2433c6d50f1c512a48732409d11fce_ppc64le",
"product": {
"name": "odf4/mcg-rhel8-operator@sha256:2a393d0fe0de3da3358b578b123283f21b2433c6d50f1c512a48732409d11fce_ppc64le",
"product_id": "odf4/mcg-rhel8-operator@sha256:2a393d0fe0de3da3358b578b123283f21b2433c6d50f1c512a48732409d11fce_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:2a393d0fe0de3da3358b578b123283f21b2433c6d50f1c512a48732409d11fce?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.12.3-3"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-client-operator-bundle@sha256:25252d3fabe165984b424b74437c428dc4f635aba06e245b3a1cc5e309bdf9df_ppc64le",
"product": {
"name": "odf4/ocs-client-operator-bundle@sha256:25252d3fabe165984b424b74437c428dc4f635aba06e245b3a1cc5e309bdf9df_ppc64le",
"product_id": "odf4/ocs-client-operator-bundle@sha256:25252d3fabe165984b424b74437c428dc4f635aba06e245b3a1cc5e309bdf9df_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-operator-bundle@sha256:25252d3fabe165984b424b74437c428dc4f635aba06e245b3a1cc5e309bdf9df?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-client-rhel8-operator@sha256:7d55b8c8f830ef6e54078ad66c79b69e356d2e4cd391f60db6be473033f299a5_ppc64le",
"product": {
"name": "odf4/ocs-client-rhel8-operator@sha256:7d55b8c8f830ef6e54078ad66c79b69e356d2e4cd391f60db6be473033f299a5_ppc64le",
"product_id": "odf4/ocs-client-rhel8-operator@sha256:7d55b8c8f830ef6e54078ad66c79b69e356d2e4cd391f60db6be473033f299a5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel8-operator@sha256:7d55b8c8f830ef6e54078ad66c79b69e356d2e4cd391f60db6be473033f299a5?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-client-rhel8-operator\u0026tag=v4.12.3-2"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:6d4dbcdd641b71ef7e6c6269a8a706fddaa2d137ca5e2d07c29766e620de205f_ppc64le",
"product": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:6d4dbcdd641b71ef7e6c6269a8a706fddaa2d137ca5e2d07c29766e620de205f_ppc64le",
"product_id": "odf4/ocs-metrics-exporter-rhel8@sha256:6d4dbcdd641b71ef7e6c6269a8a706fddaa2d137ca5e2d07c29766e620de205f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel8@sha256:6d4dbcdd641b71ef7e6c6269a8a706fddaa2d137ca5e2d07c29766e620de205f?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel8\u0026tag=v4.12.3-5"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-must-gather-rhel8@sha256:89a3457444d77fcc15546138ad259e2ccb29bfd7007dcb3dc3639c5a47c799c3_ppc64le",
"product": {
"name": "odf4/ocs-must-gather-rhel8@sha256:89a3457444d77fcc15546138ad259e2ccb29bfd7007dcb3dc3639c5a47c799c3_ppc64le",
"product_id": "odf4/ocs-must-gather-rhel8@sha256:89a3457444d77fcc15546138ad259e2ccb29bfd7007dcb3dc3639c5a47c799c3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:89a3457444d77fcc15546138ad259e2ccb29bfd7007dcb3dc3639c5a47c799c3?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.12.3-5"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-operator-bundle@sha256:d4bec711f42d23753357d1e73be1e35d6781424d22b295371d9622dccc0b33aa_ppc64le",
"product": {
"name": "odf4/ocs-operator-bundle@sha256:d4bec711f42d23753357d1e73be1e35d6781424d22b295371d9622dccc0b33aa_ppc64le",
"product_id": "odf4/ocs-operator-bundle@sha256:d4bec711f42d23753357d1e73be1e35d6781424d22b295371d9622dccc0b33aa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:d4bec711f42d23753357d1e73be1e35d6781424d22b295371d9622dccc0b33aa?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-rhel8-operator@sha256:e5ca033f2b87a40dc028df91b14c5fd92342f6599ff07b08b0c5a7f06b9e3257_ppc64le",
"product": {
"name": "odf4/ocs-rhel8-operator@sha256:e5ca033f2b87a40dc028df91b14c5fd92342f6599ff07b08b0c5a7f06b9e3257_ppc64le",
"product_id": "odf4/ocs-rhel8-operator@sha256:e5ca033f2b87a40dc028df91b14c5fd92342f6599ff07b08b0c5a7f06b9e3257_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:e5ca033f2b87a40dc028df91b14c5fd92342f6599ff07b08b0c5a7f06b9e3257?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.12.3-5"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-console-rhel8@sha256:6f1fc5945bafbf023825d576e2994f484eff88c7c34fcbd8a2234a7b144b42c1_ppc64le",
"product": {
"name": "odf4/odf-console-rhel8@sha256:6f1fc5945bafbf023825d576e2994f484eff88c7c34fcbd8a2234a7b144b42c1_ppc64le",
"product_id": "odf4/odf-console-rhel8@sha256:6f1fc5945bafbf023825d576e2994f484eff88c7c34fcbd8a2234a7b144b42c1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel8@sha256:6f1fc5945bafbf023825d576e2994f484eff88c7c34fcbd8a2234a7b144b42c1?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.12.3-2"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-operator-bundle@sha256:b1fad19bb8ed92f5340ba5cfaa2c6f435831712d384e0c222bb997cbb811c4be_ppc64le",
"product": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:b1fad19bb8ed92f5340ba5cfaa2c6f435831712d384e0c222bb997cbb811c4be_ppc64le",
"product_id": "odf4/odf-csi-addons-operator-bundle@sha256:b1fad19bb8ed92f5340ba5cfaa2c6f435831712d384e0c222bb997cbb811c4be_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:b1fad19bb8ed92f5340ba5cfaa2c6f435831712d384e0c222bb997cbb811c4be?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:3245c50b363c3cadf2758934e273ffe8fcac489a303d2c39afea79abac1b52fb_ppc64le",
"product": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:3245c50b363c3cadf2758934e273ffe8fcac489a303d2c39afea79abac1b52fb_ppc64le",
"product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:3245c50b363c3cadf2758934e273ffe8fcac489a303d2c39afea79abac1b52fb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:3245c50b363c3cadf2758934e273ffe8fcac489a303d2c39afea79abac1b52fb?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.12.3-3"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:06b915bf990e0a8b3679ad5fab4a98c155b02a88110d47429fc26c4b7fc54ca0_ppc64le",
"product": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:06b915bf990e0a8b3679ad5fab4a98c155b02a88110d47429fc26c4b7fc54ca0_ppc64le",
"product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:06b915bf990e0a8b3679ad5fab4a98c155b02a88110d47429fc26c4b7fc54ca0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:06b915bf990e0a8b3679ad5fab4a98c155b02a88110d47429fc26c4b7fc54ca0?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.12.3-3"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-console-rhel8@sha256:9eafc473d37d35fe5a84b36b8d3bf9876f529efd8b37ef4ff738cecb8b0f5389_ppc64le",
"product": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:9eafc473d37d35fe5a84b36b8d3bf9876f529efd8b37ef4ff738cecb8b0f5389_ppc64le",
"product_id": "odf4/odf-multicluster-console-rhel8@sha256:9eafc473d37d35fe5a84b36b8d3bf9876f529efd8b37ef4ff738cecb8b0f5389_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel8@sha256:9eafc473d37d35fe5a84b36b8d3bf9876f529efd8b37ef4ff738cecb8b0f5389?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel8\u0026tag=v4.12.3-2"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-operator-bundle@sha256:4e36ce74a62b99f65ff1ce1a6b228ea34b5f6a18a5aad490ac2316ae141f4f2a_ppc64le",
"product": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:4e36ce74a62b99f65ff1ce1a6b228ea34b5f6a18a5aad490ac2316ae141f4f2a_ppc64le",
"product_id": "odf4/odf-multicluster-operator-bundle@sha256:4e36ce74a62b99f65ff1ce1a6b228ea34b5f6a18a5aad490ac2316ae141f4f2a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:4e36ce74a62b99f65ff1ce1a6b228ea34b5f6a18a5aad490ac2316ae141f4f2a?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-rhel8-operator@sha256:2d18752f56076d91b6fcbdad4e934cada87ba270532c522e7da2239f5b6f6d7d_ppc64le",
"product": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:2d18752f56076d91b6fcbdad4e934cada87ba270532c522e7da2239f5b6f6d7d_ppc64le",
"product_id": "odf4/odf-multicluster-rhel8-operator@sha256:2d18752f56076d91b6fcbdad4e934cada87ba270532c522e7da2239f5b6f6d7d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:2d18752f56076d91b6fcbdad4e934cada87ba270532c522e7da2239f5b6f6d7d?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.12.3-3"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-operator-bundle@sha256:75bab2b59593c31c4ae170b02f45ab193f8b5fb37eae53998bd2069662fc0efc_ppc64le",
"product": {
"name": "odf4/odf-operator-bundle@sha256:75bab2b59593c31c4ae170b02f45ab193f8b5fb37eae53998bd2069662fc0efc_ppc64le",
"product_id": "odf4/odf-operator-bundle@sha256:75bab2b59593c31c4ae170b02f45ab193f8b5fb37eae53998bd2069662fc0efc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256:75bab2b59593c31c4ae170b02f45ab193f8b5fb37eae53998bd2069662fc0efc?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-rhel8-operator@sha256:f53714b582b603bc851349cc4804f27235940fd577ed5b86ccad836a31ddc3fb_ppc64le",
"product": {
"name": "odf4/odf-rhel8-operator@sha256:f53714b582b603bc851349cc4804f27235940fd577ed5b86ccad836a31ddc3fb_ppc64le",
"product_id": "odf4/odf-rhel8-operator@sha256:f53714b582b603bc851349cc4804f27235940fd577ed5b86ccad836a31ddc3fb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel8-operator@sha256:f53714b582b603bc851349cc4804f27235940fd577ed5b86ccad836a31ddc3fb?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.12.3-3"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-cluster-operator-bundle@sha256:7c89ebe7245e3514f6e63d1eca3247b0922e88d232b41c43245d2594e29b27d7_ppc64le",
"product": {
"name": "odf4/odr-cluster-operator-bundle@sha256:7c89ebe7245e3514f6e63d1eca3247b0922e88d232b41c43245d2594e29b27d7_ppc64le",
"product_id": "odf4/odr-cluster-operator-bundle@sha256:7c89ebe7245e3514f6e63d1eca3247b0922e88d232b41c43245d2594e29b27d7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256:7c89ebe7245e3514f6e63d1eca3247b0922e88d232b41c43245d2594e29b27d7?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-hub-operator-bundle@sha256:2d884bb224a503deb344ac6a4895d6a6d0fe5ab364651eecf923204507c9c92b_ppc64le",
"product": {
"name": "odf4/odr-hub-operator-bundle@sha256:2d884bb224a503deb344ac6a4895d6a6d0fe5ab364651eecf923204507c9c92b_ppc64le",
"product_id": "odf4/odr-hub-operator-bundle@sha256:2d884bb224a503deb344ac6a4895d6a6d0fe5ab364651eecf923204507c9c92b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256:2d884bb224a503deb344ac6a4895d6a6d0fe5ab364651eecf923204507c9c92b?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-rhel8-operator@sha256:aa26f97020ed13ab7092b7a0aa05458a8775e4b4e936e4b9df9a96297df1f5b8_ppc64le",
"product": {
"name": "odf4/odr-rhel8-operator@sha256:aa26f97020ed13ab7092b7a0aa05458a8775e4b4e936e4b9df9a96297df1f5b8_ppc64le",
"product_id": "odf4/odr-rhel8-operator@sha256:aa26f97020ed13ab7092b7a0aa05458a8775e4b4e936e4b9df9a96297df1f5b8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel8-operator@sha256:aa26f97020ed13ab7092b7a0aa05458a8775e4b4e936e4b9df9a96297df1f5b8?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.12.3-2"
}
}
},
{
"category": "product_version",
"name": "odf4/rook-ceph-rhel8-operator@sha256:198645ebf6a69810821c2d7644347b8abf918d89bbc2fcfc880ec28e924598f2_ppc64le",
"product": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:198645ebf6a69810821c2d7644347b8abf918d89bbc2fcfc880ec28e924598f2_ppc64le",
"product_id": "odf4/rook-ceph-rhel8-operator@sha256:198645ebf6a69810821c2d7644347b8abf918d89bbc2fcfc880ec28e924598f2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:198645ebf6a69810821c2d7644347b8abf918d89bbc2fcfc880ec28e924598f2?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.12.3-7"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "odf4/cephcsi-rhel8@sha256:659ceb51c00824013f07d159bd689433ce41068f010b006047b750f75f134cb2_s390x",
"product": {
"name": "odf4/cephcsi-rhel8@sha256:659ceb51c00824013f07d159bd689433ce41068f010b006047b750f75f134cb2_s390x",
"product_id": "odf4/cephcsi-rhel8@sha256:659ceb51c00824013f07d159bd689433ce41068f010b006047b750f75f134cb2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel8@sha256:659ceb51c00824013f07d159bd689433ce41068f010b006047b750f75f134cb2?arch=s390x\u0026repository_url=registry.redhat.io/odf4/cephcsi-rhel8\u0026tag=v4.12.3-3"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-core-rhel8@sha256:5e7b40a8f03ee5a607eb911b2fe731c9fe65bfa8a54067c0987d94f02ff8bef9_s390x",
"product": {
"name": "odf4/mcg-core-rhel8@sha256:5e7b40a8f03ee5a607eb911b2fe731c9fe65bfa8a54067c0987d94f02ff8bef9_s390x",
"product_id": "odf4/mcg-core-rhel8@sha256:5e7b40a8f03ee5a607eb911b2fe731c9fe65bfa8a54067c0987d94f02ff8bef9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel8@sha256:5e7b40a8f03ee5a607eb911b2fe731c9fe65bfa8a54067c0987d94f02ff8bef9?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-core-rhel8\u0026tag=v4.12.3-4"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-operator-bundle@sha256:b20a7b4b7e31cbb0edac695572c6ea28075e260a8c68b6135a9dd25af2dc3460_s390x",
"product": {
"name": "odf4/mcg-operator-bundle@sha256:b20a7b4b7e31cbb0edac695572c6ea28075e260a8c68b6135a9dd25af2dc3460_s390x",
"product_id": "odf4/mcg-operator-bundle@sha256:b20a7b4b7e31cbb0edac695572c6ea28075e260a8c68b6135a9dd25af2dc3460_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256:b20a7b4b7e31cbb0edac695572c6ea28075e260a8c68b6135a9dd25af2dc3460?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/mcg-rhel8-operator@sha256:7c84f6197194047448c2d39d7d880555baf521d9c462e23b5342652eebcee3ec_s390x",
"product": {
"name": "odf4/mcg-rhel8-operator@sha256:7c84f6197194047448c2d39d7d880555baf521d9c462e23b5342652eebcee3ec_s390x",
"product_id": "odf4/mcg-rhel8-operator@sha256:7c84f6197194047448c2d39d7d880555baf521d9c462e23b5342652eebcee3ec_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel8-operator@sha256:7c84f6197194047448c2d39d7d880555baf521d9c462e23b5342652eebcee3ec?arch=s390x\u0026repository_url=registry.redhat.io/odf4/mcg-rhel8-operator\u0026tag=v4.12.3-3"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-client-operator-bundle@sha256:0d4efd40efb2fbac2fd4b31e08ec36ddc2a5c7a558f83a1a1b41ab27be8c71c6_s390x",
"product": {
"name": "odf4/ocs-client-operator-bundle@sha256:0d4efd40efb2fbac2fd4b31e08ec36ddc2a5c7a558f83a1a1b41ab27be8c71c6_s390x",
"product_id": "odf4/ocs-client-operator-bundle@sha256:0d4efd40efb2fbac2fd4b31e08ec36ddc2a5c7a558f83a1a1b41ab27be8c71c6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-operator-bundle@sha256:0d4efd40efb2fbac2fd4b31e08ec36ddc2a5c7a558f83a1a1b41ab27be8c71c6?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-client-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-client-rhel8-operator@sha256:ed6b5f49ec14f96b5be3b1e858648a613278713ca3e413b4172e6f57c5922d2f_s390x",
"product": {
"name": "odf4/ocs-client-rhel8-operator@sha256:ed6b5f49ec14f96b5be3b1e858648a613278713ca3e413b4172e6f57c5922d2f_s390x",
"product_id": "odf4/ocs-client-rhel8-operator@sha256:ed6b5f49ec14f96b5be3b1e858648a613278713ca3e413b4172e6f57c5922d2f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel8-operator@sha256:ed6b5f49ec14f96b5be3b1e858648a613278713ca3e413b4172e6f57c5922d2f?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-client-rhel8-operator\u0026tag=v4.12.3-2"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:7c4ab2dca6e1ebc5b89014e4ec253e19473d6ae44f0d150dd8e7d22458056300_s390x",
"product": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:7c4ab2dca6e1ebc5b89014e4ec253e19473d6ae44f0d150dd8e7d22458056300_s390x",
"product_id": "odf4/ocs-metrics-exporter-rhel8@sha256:7c4ab2dca6e1ebc5b89014e4ec253e19473d6ae44f0d150dd8e7d22458056300_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel8@sha256:7c4ab2dca6e1ebc5b89014e4ec253e19473d6ae44f0d150dd8e7d22458056300?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-metrics-exporter-rhel8\u0026tag=v4.12.3-5"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-must-gather-rhel8@sha256:68992b4619ea57b8ab612278c1a02782b855b57bd436ae2c2395b6c55211d816_s390x",
"product": {
"name": "odf4/ocs-must-gather-rhel8@sha256:68992b4619ea57b8ab612278c1a02782b855b57bd436ae2c2395b6c55211d816_s390x",
"product_id": "odf4/ocs-must-gather-rhel8@sha256:68992b4619ea57b8ab612278c1a02782b855b57bd436ae2c2395b6c55211d816_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-must-gather-rhel8@sha256:68992b4619ea57b8ab612278c1a02782b855b57bd436ae2c2395b6c55211d816?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-must-gather-rhel8\u0026tag=v4.12.3-5"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-operator-bundle@sha256:5a7bc8abfd378a1314ebea571ba0483abaca80867fe7fdc1d0cb99772981a503_s390x",
"product": {
"name": "odf4/ocs-operator-bundle@sha256:5a7bc8abfd378a1314ebea571ba0483abaca80867fe7fdc1d0cb99772981a503_s390x",
"product_id": "odf4/ocs-operator-bundle@sha256:5a7bc8abfd378a1314ebea571ba0483abaca80867fe7fdc1d0cb99772981a503_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256:5a7bc8abfd378a1314ebea571ba0483abaca80867fe7fdc1d0cb99772981a503?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/ocs-rhel8-operator@sha256:c5bb36336e3280dbc6fe2f969c73f40f31fbdfecf89e55b0bb8d2b83fa579644_s390x",
"product": {
"name": "odf4/ocs-rhel8-operator@sha256:c5bb36336e3280dbc6fe2f969c73f40f31fbdfecf89e55b0bb8d2b83fa579644_s390x",
"product_id": "odf4/ocs-rhel8-operator@sha256:c5bb36336e3280dbc6fe2f969c73f40f31fbdfecf89e55b0bb8d2b83fa579644_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel8-operator@sha256:c5bb36336e3280dbc6fe2f969c73f40f31fbdfecf89e55b0bb8d2b83fa579644?arch=s390x\u0026repository_url=registry.redhat.io/odf4/ocs-rhel8-operator\u0026tag=v4.12.3-5"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-console-rhel8@sha256:b3d6539df6ca21e8bfb772991cf1c0103ad20388159996e83f6f400a64d93a89_s390x",
"product": {
"name": "odf4/odf-console-rhel8@sha256:b3d6539df6ca21e8bfb772991cf1c0103ad20388159996e83f6f400a64d93a89_s390x",
"product_id": "odf4/odf-console-rhel8@sha256:b3d6539df6ca21e8bfb772991cf1c0103ad20388159996e83f6f400a64d93a89_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel8@sha256:b3d6539df6ca21e8bfb772991cf1c0103ad20388159996e83f6f400a64d93a89?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-console-rhel8\u0026tag=v4.12.3-2"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-operator-bundle@sha256:c58240dff0db8328d56d36fd2bcdcdfdb43ebaebbe445628150e6e6079439ae6_s390x",
"product": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:c58240dff0db8328d56d36fd2bcdcdfdb43ebaebbe445628150e6e6079439ae6_s390x",
"product_id": "odf4/odf-csi-addons-operator-bundle@sha256:c58240dff0db8328d56d36fd2bcdcdfdb43ebaebbe445628150e6e6079439ae6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256:c58240dff0db8328d56d36fd2bcdcdfdb43ebaebbe445628150e6e6079439ae6?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:f6a9c322c4dff132bbf01d1fc088a5988b5174ca953054c7d722bbd837b7d23b_s390x",
"product": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:f6a9c322c4dff132bbf01d1fc088a5988b5174ca953054c7d722bbd837b7d23b_s390x",
"product_id": "odf4/odf-csi-addons-rhel8-operator@sha256:f6a9c322c4dff132bbf01d1fc088a5988b5174ca953054c7d722bbd837b7d23b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel8-operator@sha256:f6a9c322c4dff132bbf01d1fc088a5988b5174ca953054c7d722bbd837b7d23b?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-rhel8-operator\u0026tag=v4.12.3-3"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:8f812808ce2767198968eb49004d1d0a6b70cb5ad19f306e78c84c1aa7b3775c_s390x",
"product": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:8f812808ce2767198968eb49004d1d0a6b70cb5ad19f306e78c84c1aa7b3775c_s390x",
"product_id": "odf4/odf-csi-addons-sidecar-rhel8@sha256:8f812808ce2767198968eb49004d1d0a6b70cb5ad19f306e78c84c1aa7b3775c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel8@sha256:8f812808ce2767198968eb49004d1d0a6b70cb5ad19f306e78c84c1aa7b3775c?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel8\u0026tag=v4.12.3-3"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-console-rhel8@sha256:390481a9f0f0769056df89f5ce3cb2fbbeadf0e2f8d44469f68a9291e2d9fa48_s390x",
"product": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:390481a9f0f0769056df89f5ce3cb2fbbeadf0e2f8d44469f68a9291e2d9fa48_s390x",
"product_id": "odf4/odf-multicluster-console-rhel8@sha256:390481a9f0f0769056df89f5ce3cb2fbbeadf0e2f8d44469f68a9291e2d9fa48_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel8@sha256:390481a9f0f0769056df89f5ce3cb2fbbeadf0e2f8d44469f68a9291e2d9fa48?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-console-rhel8\u0026tag=v4.12.3-2"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-operator-bundle@sha256:2afd8dc3f15a7eadad49f3c18d00ef9136dbf59f26e5b8345b16f92233dbd352_s390x",
"product": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:2afd8dc3f15a7eadad49f3c18d00ef9136dbf59f26e5b8345b16f92233dbd352_s390x",
"product_id": "odf4/odf-multicluster-operator-bundle@sha256:2afd8dc3f15a7eadad49f3c18d00ef9136dbf59f26e5b8345b16f92233dbd352_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256:2afd8dc3f15a7eadad49f3c18d00ef9136dbf59f26e5b8345b16f92233dbd352?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-multicluster-rhel8-operator@sha256:ce78718d4271a615f37066af652439409f7e7dcf2c5734185a3961c8e83ac4b4_s390x",
"product": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:ce78718d4271a615f37066af652439409f7e7dcf2c5734185a3961c8e83ac4b4_s390x",
"product_id": "odf4/odf-multicluster-rhel8-operator@sha256:ce78718d4271a615f37066af652439409f7e7dcf2c5734185a3961c8e83ac4b4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel8-operator@sha256:ce78718d4271a615f37066af652439409f7e7dcf2c5734185a3961c8e83ac4b4?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-multicluster-rhel8-operator\u0026tag=v4.12.3-3"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-operator-bundle@sha256:a912aa614bfd273fb6e6da47c32d00ca5aa4a45af3edfeb5f9f870ba4797a5ec_s390x",
"product": {
"name": "odf4/odf-operator-bundle@sha256:a912aa614bfd273fb6e6da47c32d00ca5aa4a45af3edfeb5f9f870ba4797a5ec_s390x",
"product_id": "odf4/odf-operator-bundle@sha256:a912aa614bfd273fb6e6da47c32d00ca5aa4a45af3edfeb5f9f870ba4797a5ec_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256:a912aa614bfd273fb6e6da47c32d00ca5aa4a45af3edfeb5f9f870ba4797a5ec?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/odf-rhel8-operator@sha256:1e3deb6461dae99c94b20f70e4c155551e8579287c1696f752a89c8098953f8d_s390x",
"product": {
"name": "odf4/odf-rhel8-operator@sha256:1e3deb6461dae99c94b20f70e4c155551e8579287c1696f752a89c8098953f8d_s390x",
"product_id": "odf4/odf-rhel8-operator@sha256:1e3deb6461dae99c94b20f70e4c155551e8579287c1696f752a89c8098953f8d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel8-operator@sha256:1e3deb6461dae99c94b20f70e4c155551e8579287c1696f752a89c8098953f8d?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odf-rhel8-operator\u0026tag=v4.12.3-3"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-cluster-operator-bundle@sha256:78a8b463c8d4161b556c821210eae69243fc73ceb90db49f4ca055a38acde6e0_s390x",
"product": {
"name": "odf4/odr-cluster-operator-bundle@sha256:78a8b463c8d4161b556c821210eae69243fc73ceb90db49f4ca055a38acde6e0_s390x",
"product_id": "odf4/odr-cluster-operator-bundle@sha256:78a8b463c8d4161b556c821210eae69243fc73ceb90db49f4ca055a38acde6e0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256:78a8b463c8d4161b556c821210eae69243fc73ceb90db49f4ca055a38acde6e0?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-cluster-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-hub-operator-bundle@sha256:c143b2cb9690b850b28d2f5c5394d5e4abefd5404fb41a17c5106058ff241286_s390x",
"product": {
"name": "odf4/odr-hub-operator-bundle@sha256:c143b2cb9690b850b28d2f5c5394d5e4abefd5404fb41a17c5106058ff241286_s390x",
"product_id": "odf4/odr-hub-operator-bundle@sha256:c143b2cb9690b850b28d2f5c5394d5e4abefd5404fb41a17c5106058ff241286_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256:c143b2cb9690b850b28d2f5c5394d5e4abefd5404fb41a17c5106058ff241286?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-hub-operator-bundle\u0026tag=v4.12.3-17"
}
}
},
{
"category": "product_version",
"name": "odf4/odr-rhel8-operator@sha256:eafa31da6f87efcf476ab63d3b11ed8c7a42e67ef42a2494e70a5fe085e40438_s390x",
"product": {
"name": "odf4/odr-rhel8-operator@sha256:eafa31da6f87efcf476ab63d3b11ed8c7a42e67ef42a2494e70a5fe085e40438_s390x",
"product_id": "odf4/odr-rhel8-operator@sha256:eafa31da6f87efcf476ab63d3b11ed8c7a42e67ef42a2494e70a5fe085e40438_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel8-operator@sha256:eafa31da6f87efcf476ab63d3b11ed8c7a42e67ef42a2494e70a5fe085e40438?arch=s390x\u0026repository_url=registry.redhat.io/odf4/odr-rhel8-operator\u0026tag=v4.12.3-2"
}
}
},
{
"category": "product_version",
"name": "odf4/rook-ceph-rhel8-operator@sha256:72c63ded186464f185d399145e25ed21ea1a07c52ab842eebdaff224cc2e7998_s390x",
"product": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:72c63ded186464f185d399145e25ed21ea1a07c52ab842eebdaff224cc2e7998_s390x",
"product_id": "odf4/rook-ceph-rhel8-operator@sha256:72c63ded186464f185d399145e25ed21ea1a07c52ab842eebdaff224cc2e7998_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel8-operator@sha256:72c63ded186464f185d399145e25ed21ea1a07c52ab842eebdaff224cc2e7998?arch=s390x\u0026repository_url=registry.redhat.io/odf4/rook-ceph-rhel8-operator\u0026tag=v4.12.3-7"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/cephcsi-rhel8@sha256:55c1cdf2a7c32c5e32eb2ff3372bbb3b46e3b2da39cca535db32a7aefbbb73a6_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:55c1cdf2a7c32c5e32eb2ff3372bbb3b46e3b2da39cca535db32a7aefbbb73a6_ppc64le"
},
"product_reference": "odf4/cephcsi-rhel8@sha256:55c1cdf2a7c32c5e32eb2ff3372bbb3b46e3b2da39cca535db32a7aefbbb73a6_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/cephcsi-rhel8@sha256:659ceb51c00824013f07d159bd689433ce41068f010b006047b750f75f134cb2_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:659ceb51c00824013f07d159bd689433ce41068f010b006047b750f75f134cb2_s390x"
},
"product_reference": "odf4/cephcsi-rhel8@sha256:659ceb51c00824013f07d159bd689433ce41068f010b006047b750f75f134cb2_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/cephcsi-rhel8@sha256:db90c6bf02b4e7b40538ed52ee4e3d27733c24bf434610277b26b2ee5ae32f53_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:db90c6bf02b4e7b40538ed52ee4e3d27733c24bf434610277b26b2ee5ae32f53_amd64"
},
"product_reference": "odf4/cephcsi-rhel8@sha256:db90c6bf02b4e7b40538ed52ee4e3d27733c24bf434610277b26b2ee5ae32f53_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-core-rhel8@sha256:22cd2909e1b21b9ab56dc491fefb309a8a9088d85c928901b293267bb4efa6c7_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:22cd2909e1b21b9ab56dc491fefb309a8a9088d85c928901b293267bb4efa6c7_ppc64le"
},
"product_reference": "odf4/mcg-core-rhel8@sha256:22cd2909e1b21b9ab56dc491fefb309a8a9088d85c928901b293267bb4efa6c7_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-core-rhel8@sha256:5e7b40a8f03ee5a607eb911b2fe731c9fe65bfa8a54067c0987d94f02ff8bef9_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:5e7b40a8f03ee5a607eb911b2fe731c9fe65bfa8a54067c0987d94f02ff8bef9_s390x"
},
"product_reference": "odf4/mcg-core-rhel8@sha256:5e7b40a8f03ee5a607eb911b2fe731c9fe65bfa8a54067c0987d94f02ff8bef9_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-core-rhel8@sha256:e0c221ae29034b17db88998d4703a1d515778d17a8ce40737fa711fad2726c5c_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:e0c221ae29034b17db88998d4703a1d515778d17a8ce40737fa711fad2726c5c_amd64"
},
"product_reference": "odf4/mcg-core-rhel8@sha256:e0c221ae29034b17db88998d4703a1d515778d17a8ce40737fa711fad2726c5c_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-operator-bundle@sha256:0d03a74a889701f101ec0b3d454a8ad133a58a020b05e84addbd0c0393c62b45_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:0d03a74a889701f101ec0b3d454a8ad133a58a020b05e84addbd0c0393c62b45_amd64"
},
"product_reference": "odf4/mcg-operator-bundle@sha256:0d03a74a889701f101ec0b3d454a8ad133a58a020b05e84addbd0c0393c62b45_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-operator-bundle@sha256:b20a7b4b7e31cbb0edac695572c6ea28075e260a8c68b6135a9dd25af2dc3460_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:b20a7b4b7e31cbb0edac695572c6ea28075e260a8c68b6135a9dd25af2dc3460_s390x"
},
"product_reference": "odf4/mcg-operator-bundle@sha256:b20a7b4b7e31cbb0edac695572c6ea28075e260a8c68b6135a9dd25af2dc3460_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-operator-bundle@sha256:bf058dd17e1f5b3c5b2ac4ea900eaf5fdd383564430aa6d0eaf0a7ae43f4feb7_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:bf058dd17e1f5b3c5b2ac4ea900eaf5fdd383564430aa6d0eaf0a7ae43f4feb7_ppc64le"
},
"product_reference": "odf4/mcg-operator-bundle@sha256:bf058dd17e1f5b3c5b2ac4ea900eaf5fdd383564430aa6d0eaf0a7ae43f4feb7_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-rhel8-operator@sha256:2a393d0fe0de3da3358b578b123283f21b2433c6d50f1c512a48732409d11fce_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:2a393d0fe0de3da3358b578b123283f21b2433c6d50f1c512a48732409d11fce_ppc64le"
},
"product_reference": "odf4/mcg-rhel8-operator@sha256:2a393d0fe0de3da3358b578b123283f21b2433c6d50f1c512a48732409d11fce_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-rhel8-operator@sha256:7c84f6197194047448c2d39d7d880555baf521d9c462e23b5342652eebcee3ec_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:7c84f6197194047448c2d39d7d880555baf521d9c462e23b5342652eebcee3ec_s390x"
},
"product_reference": "odf4/mcg-rhel8-operator@sha256:7c84f6197194047448c2d39d7d880555baf521d9c462e23b5342652eebcee3ec_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/mcg-rhel8-operator@sha256:cd09a1ccd0b8795385d965ccf2910c231ee5f08c7d62ef4725a59b553192595a_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:cd09a1ccd0b8795385d965ccf2910c231ee5f08c7d62ef4725a59b553192595a_amd64"
},
"product_reference": "odf4/mcg-rhel8-operator@sha256:cd09a1ccd0b8795385d965ccf2910c231ee5f08c7d62ef4725a59b553192595a_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-client-operator-bundle@sha256:0d4efd40efb2fbac2fd4b31e08ec36ddc2a5c7a558f83a1a1b41ab27be8c71c6_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:0d4efd40efb2fbac2fd4b31e08ec36ddc2a5c7a558f83a1a1b41ab27be8c71c6_s390x"
},
"product_reference": "odf4/ocs-client-operator-bundle@sha256:0d4efd40efb2fbac2fd4b31e08ec36ddc2a5c7a558f83a1a1b41ab27be8c71c6_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-client-operator-bundle@sha256:25252d3fabe165984b424b74437c428dc4f635aba06e245b3a1cc5e309bdf9df_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:25252d3fabe165984b424b74437c428dc4f635aba06e245b3a1cc5e309bdf9df_ppc64le"
},
"product_reference": "odf4/ocs-client-operator-bundle@sha256:25252d3fabe165984b424b74437c428dc4f635aba06e245b3a1cc5e309bdf9df_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-client-operator-bundle@sha256:572921e5851d187787f22b25f349dee75d0383e959440372a159acc8dd7c17a1_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:572921e5851d187787f22b25f349dee75d0383e959440372a159acc8dd7c17a1_amd64"
},
"product_reference": "odf4/ocs-client-operator-bundle@sha256:572921e5851d187787f22b25f349dee75d0383e959440372a159acc8dd7c17a1_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-client-rhel8-operator@sha256:0f05a9eb9f6528447456ffab6f86a354990745c7d994095b4c9fa8a9748159ea_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:0f05a9eb9f6528447456ffab6f86a354990745c7d994095b4c9fa8a9748159ea_amd64"
},
"product_reference": "odf4/ocs-client-rhel8-operator@sha256:0f05a9eb9f6528447456ffab6f86a354990745c7d994095b4c9fa8a9748159ea_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-client-rhel8-operator@sha256:7d55b8c8f830ef6e54078ad66c79b69e356d2e4cd391f60db6be473033f299a5_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:7d55b8c8f830ef6e54078ad66c79b69e356d2e4cd391f60db6be473033f299a5_ppc64le"
},
"product_reference": "odf4/ocs-client-rhel8-operator@sha256:7d55b8c8f830ef6e54078ad66c79b69e356d2e4cd391f60db6be473033f299a5_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-client-rhel8-operator@sha256:ed6b5f49ec14f96b5be3b1e858648a613278713ca3e413b4172e6f57c5922d2f_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:ed6b5f49ec14f96b5be3b1e858648a613278713ca3e413b4172e6f57c5922d2f_s390x"
},
"product_reference": "odf4/ocs-client-rhel8-operator@sha256:ed6b5f49ec14f96b5be3b1e858648a613278713ca3e413b4172e6f57c5922d2f_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:39c37b2a5cb55ca71c823b74f0b4c75ac61ef88d7f22c7abadc9b1ef5d077b20_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:39c37b2a5cb55ca71c823b74f0b4c75ac61ef88d7f22c7abadc9b1ef5d077b20_amd64"
},
"product_reference": "odf4/ocs-metrics-exporter-rhel8@sha256:39c37b2a5cb55ca71c823b74f0b4c75ac61ef88d7f22c7abadc9b1ef5d077b20_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:6d4dbcdd641b71ef7e6c6269a8a706fddaa2d137ca5e2d07c29766e620de205f_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:6d4dbcdd641b71ef7e6c6269a8a706fddaa2d137ca5e2d07c29766e620de205f_ppc64le"
},
"product_reference": "odf4/ocs-metrics-exporter-rhel8@sha256:6d4dbcdd641b71ef7e6c6269a8a706fddaa2d137ca5e2d07c29766e620de205f_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-metrics-exporter-rhel8@sha256:7c4ab2dca6e1ebc5b89014e4ec253e19473d6ae44f0d150dd8e7d22458056300_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:7c4ab2dca6e1ebc5b89014e4ec253e19473d6ae44f0d150dd8e7d22458056300_s390x"
},
"product_reference": "odf4/ocs-metrics-exporter-rhel8@sha256:7c4ab2dca6e1ebc5b89014e4ec253e19473d6ae44f0d150dd8e7d22458056300_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-must-gather-rhel8@sha256:68992b4619ea57b8ab612278c1a02782b855b57bd436ae2c2395b6c55211d816_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:68992b4619ea57b8ab612278c1a02782b855b57bd436ae2c2395b6c55211d816_s390x"
},
"product_reference": "odf4/ocs-must-gather-rhel8@sha256:68992b4619ea57b8ab612278c1a02782b855b57bd436ae2c2395b6c55211d816_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-must-gather-rhel8@sha256:89a3457444d77fcc15546138ad259e2ccb29bfd7007dcb3dc3639c5a47c799c3_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:89a3457444d77fcc15546138ad259e2ccb29bfd7007dcb3dc3639c5a47c799c3_ppc64le"
},
"product_reference": "odf4/ocs-must-gather-rhel8@sha256:89a3457444d77fcc15546138ad259e2ccb29bfd7007dcb3dc3639c5a47c799c3_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-must-gather-rhel8@sha256:fa7d06a3c4204ee865eb284393faefacdd2113fa5bdb7412c3b7b6473852832b_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:fa7d06a3c4204ee865eb284393faefacdd2113fa5bdb7412c3b7b6473852832b_amd64"
},
"product_reference": "odf4/ocs-must-gather-rhel8@sha256:fa7d06a3c4204ee865eb284393faefacdd2113fa5bdb7412c3b7b6473852832b_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-operator-bundle@sha256:5a7bc8abfd378a1314ebea571ba0483abaca80867fe7fdc1d0cb99772981a503_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:5a7bc8abfd378a1314ebea571ba0483abaca80867fe7fdc1d0cb99772981a503_s390x"
},
"product_reference": "odf4/ocs-operator-bundle@sha256:5a7bc8abfd378a1314ebea571ba0483abaca80867fe7fdc1d0cb99772981a503_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-operator-bundle@sha256:ace10d33f03530bad02e5f5aade65ebdb78e42e664a62595e510d4edabd64f60_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:ace10d33f03530bad02e5f5aade65ebdb78e42e664a62595e510d4edabd64f60_amd64"
},
"product_reference": "odf4/ocs-operator-bundle@sha256:ace10d33f03530bad02e5f5aade65ebdb78e42e664a62595e510d4edabd64f60_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-operator-bundle@sha256:d4bec711f42d23753357d1e73be1e35d6781424d22b295371d9622dccc0b33aa_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:d4bec711f42d23753357d1e73be1e35d6781424d22b295371d9622dccc0b33aa_ppc64le"
},
"product_reference": "odf4/ocs-operator-bundle@sha256:d4bec711f42d23753357d1e73be1e35d6781424d22b295371d9622dccc0b33aa_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-rhel8-operator@sha256:b9d941ef97de91ce2c67405c956f308ac39a966f88901cb7299c7d32f15fc1f6_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:b9d941ef97de91ce2c67405c956f308ac39a966f88901cb7299c7d32f15fc1f6_amd64"
},
"product_reference": "odf4/ocs-rhel8-operator@sha256:b9d941ef97de91ce2c67405c956f308ac39a966f88901cb7299c7d32f15fc1f6_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-rhel8-operator@sha256:c5bb36336e3280dbc6fe2f969c73f40f31fbdfecf89e55b0bb8d2b83fa579644_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:c5bb36336e3280dbc6fe2f969c73f40f31fbdfecf89e55b0bb8d2b83fa579644_s390x"
},
"product_reference": "odf4/ocs-rhel8-operator@sha256:c5bb36336e3280dbc6fe2f969c73f40f31fbdfecf89e55b0bb8d2b83fa579644_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/ocs-rhel8-operator@sha256:e5ca033f2b87a40dc028df91b14c5fd92342f6599ff07b08b0c5a7f06b9e3257_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:e5ca033f2b87a40dc028df91b14c5fd92342f6599ff07b08b0c5a7f06b9e3257_ppc64le"
},
"product_reference": "odf4/ocs-rhel8-operator@sha256:e5ca033f2b87a40dc028df91b14c5fd92342f6599ff07b08b0c5a7f06b9e3257_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-console-rhel8@sha256:6f1fc5945bafbf023825d576e2994f484eff88c7c34fcbd8a2234a7b144b42c1_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:6f1fc5945bafbf023825d576e2994f484eff88c7c34fcbd8a2234a7b144b42c1_ppc64le"
},
"product_reference": "odf4/odf-console-rhel8@sha256:6f1fc5945bafbf023825d576e2994f484eff88c7c34fcbd8a2234a7b144b42c1_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-console-rhel8@sha256:7918fcabebe3d881e2a6bbcb424ac6b99bd96f13775eb3f9c455b7890c728873_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:7918fcabebe3d881e2a6bbcb424ac6b99bd96f13775eb3f9c455b7890c728873_amd64"
},
"product_reference": "odf4/odf-console-rhel8@sha256:7918fcabebe3d881e2a6bbcb424ac6b99bd96f13775eb3f9c455b7890c728873_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-console-rhel8@sha256:b3d6539df6ca21e8bfb772991cf1c0103ad20388159996e83f6f400a64d93a89_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:b3d6539df6ca21e8bfb772991cf1c0103ad20388159996e83f6f400a64d93a89_s390x"
},
"product_reference": "odf4/odf-console-rhel8@sha256:b3d6539df6ca21e8bfb772991cf1c0103ad20388159996e83f6f400a64d93a89_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:5c7ff483da2eb34694a59d2826d0e18309aff8f254650008ecfb5c03629d9442_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:5c7ff483da2eb34694a59d2826d0e18309aff8f254650008ecfb5c03629d9442_amd64"
},
"product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:5c7ff483da2eb34694a59d2826d0e18309aff8f254650008ecfb5c03629d9442_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:b1fad19bb8ed92f5340ba5cfaa2c6f435831712d384e0c222bb997cbb811c4be_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:b1fad19bb8ed92f5340ba5cfaa2c6f435831712d384e0c222bb997cbb811c4be_ppc64le"
},
"product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:b1fad19bb8ed92f5340ba5cfaa2c6f435831712d384e0c222bb997cbb811c4be_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-operator-bundle@sha256:c58240dff0db8328d56d36fd2bcdcdfdb43ebaebbe445628150e6e6079439ae6_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:c58240dff0db8328d56d36fd2bcdcdfdb43ebaebbe445628150e6e6079439ae6_s390x"
},
"product_reference": "odf4/odf-csi-addons-operator-bundle@sha256:c58240dff0db8328d56d36fd2bcdcdfdb43ebaebbe445628150e6e6079439ae6_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:3245c50b363c3cadf2758934e273ffe8fcac489a303d2c39afea79abac1b52fb_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:3245c50b363c3cadf2758934e273ffe8fcac489a303d2c39afea79abac1b52fb_ppc64le"
},
"product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:3245c50b363c3cadf2758934e273ffe8fcac489a303d2c39afea79abac1b52fb_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:40c893b1ee61cb6f174da357578299bf21e26fd1dca73fc4d0664da564df84f1_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:40c893b1ee61cb6f174da357578299bf21e26fd1dca73fc4d0664da564df84f1_amd64"
},
"product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:40c893b1ee61cb6f174da357578299bf21e26fd1dca73fc4d0664da564df84f1_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-rhel8-operator@sha256:f6a9c322c4dff132bbf01d1fc088a5988b5174ca953054c7d722bbd837b7d23b_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:f6a9c322c4dff132bbf01d1fc088a5988b5174ca953054c7d722bbd837b7d23b_s390x"
},
"product_reference": "odf4/odf-csi-addons-rhel8-operator@sha256:f6a9c322c4dff132bbf01d1fc088a5988b5174ca953054c7d722bbd837b7d23b_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:06b915bf990e0a8b3679ad5fab4a98c155b02a88110d47429fc26c4b7fc54ca0_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:06b915bf990e0a8b3679ad5fab4a98c155b02a88110d47429fc26c4b7fc54ca0_ppc64le"
},
"product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:06b915bf990e0a8b3679ad5fab4a98c155b02a88110d47429fc26c4b7fc54ca0_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:8f812808ce2767198968eb49004d1d0a6b70cb5ad19f306e78c84c1aa7b3775c_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:8f812808ce2767198968eb49004d1d0a6b70cb5ad19f306e78c84c1aa7b3775c_s390x"
},
"product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:8f812808ce2767198968eb49004d1d0a6b70cb5ad19f306e78c84c1aa7b3775c_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-csi-addons-sidecar-rhel8@sha256:ceaafe96af89589eb486ba74733e34ee3e202c346aad2773ed70d707ad7e2d42_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:ceaafe96af89589eb486ba74733e34ee3e202c346aad2773ed70d707ad7e2d42_amd64"
},
"product_reference": "odf4/odf-csi-addons-sidecar-rhel8@sha256:ceaafe96af89589eb486ba74733e34ee3e202c346aad2773ed70d707ad7e2d42_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:390481a9f0f0769056df89f5ce3cb2fbbeadf0e2f8d44469f68a9291e2d9fa48_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:390481a9f0f0769056df89f5ce3cb2fbbeadf0e2f8d44469f68a9291e2d9fa48_s390x"
},
"product_reference": "odf4/odf-multicluster-console-rhel8@sha256:390481a9f0f0769056df89f5ce3cb2fbbeadf0e2f8d44469f68a9291e2d9fa48_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:9eafc473d37d35fe5a84b36b8d3bf9876f529efd8b37ef4ff738cecb8b0f5389_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:9eafc473d37d35fe5a84b36b8d3bf9876f529efd8b37ef4ff738cecb8b0f5389_ppc64le"
},
"product_reference": "odf4/odf-multicluster-console-rhel8@sha256:9eafc473d37d35fe5a84b36b8d3bf9876f529efd8b37ef4ff738cecb8b0f5389_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-console-rhel8@sha256:c6984aabd7dae84be1a3b114ca36d4cdc655b271000540709ce978ad4e3e7159_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:c6984aabd7dae84be1a3b114ca36d4cdc655b271000540709ce978ad4e3e7159_amd64"
},
"product_reference": "odf4/odf-multicluster-console-rhel8@sha256:c6984aabd7dae84be1a3b114ca36d4cdc655b271000540709ce978ad4e3e7159_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:2afd8dc3f15a7eadad49f3c18d00ef9136dbf59f26e5b8345b16f92233dbd352_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:2afd8dc3f15a7eadad49f3c18d00ef9136dbf59f26e5b8345b16f92233dbd352_s390x"
},
"product_reference": "odf4/odf-multicluster-operator-bundle@sha256:2afd8dc3f15a7eadad49f3c18d00ef9136dbf59f26e5b8345b16f92233dbd352_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:4e36ce74a62b99f65ff1ce1a6b228ea34b5f6a18a5aad490ac2316ae141f4f2a_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:4e36ce74a62b99f65ff1ce1a6b228ea34b5f6a18a5aad490ac2316ae141f4f2a_ppc64le"
},
"product_reference": "odf4/odf-multicluster-operator-bundle@sha256:4e36ce74a62b99f65ff1ce1a6b228ea34b5f6a18a5aad490ac2316ae141f4f2a_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-operator-bundle@sha256:b4aaf641c7117bea99bcf3bb2f58409935b22e72039105c5aa3f086f04775f7b_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:b4aaf641c7117bea99bcf3bb2f58409935b22e72039105c5aa3f086f04775f7b_amd64"
},
"product_reference": "odf4/odf-multicluster-operator-bundle@sha256:b4aaf641c7117bea99bcf3bb2f58409935b22e72039105c5aa3f086f04775f7b_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:2d18752f56076d91b6fcbdad4e934cada87ba270532c522e7da2239f5b6f6d7d_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:2d18752f56076d91b6fcbdad4e934cada87ba270532c522e7da2239f5b6f6d7d_ppc64le"
},
"product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:2d18752f56076d91b6fcbdad4e934cada87ba270532c522e7da2239f5b6f6d7d_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:ce78718d4271a615f37066af652439409f7e7dcf2c5734185a3961c8e83ac4b4_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:ce78718d4271a615f37066af652439409f7e7dcf2c5734185a3961c8e83ac4b4_s390x"
},
"product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:ce78718d4271a615f37066af652439409f7e7dcf2c5734185a3961c8e83ac4b4_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-multicluster-rhel8-operator@sha256:d3e3b0788e28b8c82b770b2db622f2d9dfa83ac2b3f7a4e37742565089dc8fd8_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:d3e3b0788e28b8c82b770b2db622f2d9dfa83ac2b3f7a4e37742565089dc8fd8_amd64"
},
"product_reference": "odf4/odf-multicluster-rhel8-operator@sha256:d3e3b0788e28b8c82b770b2db622f2d9dfa83ac2b3f7a4e37742565089dc8fd8_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-operator-bundle@sha256:75bab2b59593c31c4ae170b02f45ab193f8b5fb37eae53998bd2069662fc0efc_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:75bab2b59593c31c4ae170b02f45ab193f8b5fb37eae53998bd2069662fc0efc_ppc64le"
},
"product_reference": "odf4/odf-operator-bundle@sha256:75bab2b59593c31c4ae170b02f45ab193f8b5fb37eae53998bd2069662fc0efc_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-operator-bundle@sha256:a912aa614bfd273fb6e6da47c32d00ca5aa4a45af3edfeb5f9f870ba4797a5ec_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:a912aa614bfd273fb6e6da47c32d00ca5aa4a45af3edfeb5f9f870ba4797a5ec_s390x"
},
"product_reference": "odf4/odf-operator-bundle@sha256:a912aa614bfd273fb6e6da47c32d00ca5aa4a45af3edfeb5f9f870ba4797a5ec_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-operator-bundle@sha256:f6182960abfce0ccb509a25ab8fb8780a8e2d73852d589e8295c16d992bb2ff6_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:f6182960abfce0ccb509a25ab8fb8780a8e2d73852d589e8295c16d992bb2ff6_amd64"
},
"product_reference": "odf4/odf-operator-bundle@sha256:f6182960abfce0ccb509a25ab8fb8780a8e2d73852d589e8295c16d992bb2ff6_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-rhel8-operator@sha256:1e3deb6461dae99c94b20f70e4c155551e8579287c1696f752a89c8098953f8d_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:1e3deb6461dae99c94b20f70e4c155551e8579287c1696f752a89c8098953f8d_s390x"
},
"product_reference": "odf4/odf-rhel8-operator@sha256:1e3deb6461dae99c94b20f70e4c155551e8579287c1696f752a89c8098953f8d_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-rhel8-operator@sha256:cd5ed37c3bd5ad385a3a88dc290456dbde3ba6af2501750a3d1ce25d40e82401_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:cd5ed37c3bd5ad385a3a88dc290456dbde3ba6af2501750a3d1ce25d40e82401_amd64"
},
"product_reference": "odf4/odf-rhel8-operator@sha256:cd5ed37c3bd5ad385a3a88dc290456dbde3ba6af2501750a3d1ce25d40e82401_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odf-rhel8-operator@sha256:f53714b582b603bc851349cc4804f27235940fd577ed5b86ccad836a31ddc3fb_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:f53714b582b603bc851349cc4804f27235940fd577ed5b86ccad836a31ddc3fb_ppc64le"
},
"product_reference": "odf4/odf-rhel8-operator@sha256:f53714b582b603bc851349cc4804f27235940fd577ed5b86ccad836a31ddc3fb_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-cluster-operator-bundle@sha256:78a8b463c8d4161b556c821210eae69243fc73ceb90db49f4ca055a38acde6e0_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:78a8b463c8d4161b556c821210eae69243fc73ceb90db49f4ca055a38acde6e0_s390x"
},
"product_reference": "odf4/odr-cluster-operator-bundle@sha256:78a8b463c8d4161b556c821210eae69243fc73ceb90db49f4ca055a38acde6e0_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-cluster-operator-bundle@sha256:7c89ebe7245e3514f6e63d1eca3247b0922e88d232b41c43245d2594e29b27d7_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:7c89ebe7245e3514f6e63d1eca3247b0922e88d232b41c43245d2594e29b27d7_ppc64le"
},
"product_reference": "odf4/odr-cluster-operator-bundle@sha256:7c89ebe7245e3514f6e63d1eca3247b0922e88d232b41c43245d2594e29b27d7_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-cluster-operator-bundle@sha256:8e0d79006984c3501ea066054cca610b92c109183ae13969c0e81ee03acedc84_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:8e0d79006984c3501ea066054cca610b92c109183ae13969c0e81ee03acedc84_amd64"
},
"product_reference": "odf4/odr-cluster-operator-bundle@sha256:8e0d79006984c3501ea066054cca610b92c109183ae13969c0e81ee03acedc84_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-hub-operator-bundle@sha256:2d884bb224a503deb344ac6a4895d6a6d0fe5ab364651eecf923204507c9c92b_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:2d884bb224a503deb344ac6a4895d6a6d0fe5ab364651eecf923204507c9c92b_ppc64le"
},
"product_reference": "odf4/odr-hub-operator-bundle@sha256:2d884bb224a503deb344ac6a4895d6a6d0fe5ab364651eecf923204507c9c92b_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-hub-operator-bundle@sha256:666c7cec9f2fd6d91b1839fd85576d84d0856a03b27e341e12f9c28ad301f594_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:666c7cec9f2fd6d91b1839fd85576d84d0856a03b27e341e12f9c28ad301f594_amd64"
},
"product_reference": "odf4/odr-hub-operator-bundle@sha256:666c7cec9f2fd6d91b1839fd85576d84d0856a03b27e341e12f9c28ad301f594_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-hub-operator-bundle@sha256:c143b2cb9690b850b28d2f5c5394d5e4abefd5404fb41a17c5106058ff241286_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:c143b2cb9690b850b28d2f5c5394d5e4abefd5404fb41a17c5106058ff241286_s390x"
},
"product_reference": "odf4/odr-hub-operator-bundle@sha256:c143b2cb9690b850b28d2f5c5394d5e4abefd5404fb41a17c5106058ff241286_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-rhel8-operator@sha256:79b66652c0aea87822f578c55963ca948b2e1697caad5ea460e6555a78136039_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:79b66652c0aea87822f578c55963ca948b2e1697caad5ea460e6555a78136039_amd64"
},
"product_reference": "odf4/odr-rhel8-operator@sha256:79b66652c0aea87822f578c55963ca948b2e1697caad5ea460e6555a78136039_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-rhel8-operator@sha256:aa26f97020ed13ab7092b7a0aa05458a8775e4b4e936e4b9df9a96297df1f5b8_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:aa26f97020ed13ab7092b7a0aa05458a8775e4b4e936e4b9df9a96297df1f5b8_ppc64le"
},
"product_reference": "odf4/odr-rhel8-operator@sha256:aa26f97020ed13ab7092b7a0aa05458a8775e4b4e936e4b9df9a96297df1f5b8_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/odr-rhel8-operator@sha256:eafa31da6f87efcf476ab63d3b11ed8c7a42e67ef42a2494e70a5fe085e40438_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:eafa31da6f87efcf476ab63d3b11ed8c7a42e67ef42a2494e70a5fe085e40438_s390x"
},
"product_reference": "odf4/odr-rhel8-operator@sha256:eafa31da6f87efcf476ab63d3b11ed8c7a42e67ef42a2494e70a5fe085e40438_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:198645ebf6a69810821c2d7644347b8abf918d89bbc2fcfc880ec28e924598f2_ppc64le as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:198645ebf6a69810821c2d7644347b8abf918d89bbc2fcfc880ec28e924598f2_ppc64le"
},
"product_reference": "odf4/rook-ceph-rhel8-operator@sha256:198645ebf6a69810821c2d7644347b8abf918d89bbc2fcfc880ec28e924598f2_ppc64le",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:460433c554ff60bbac0b3dd267c6a0ab65c4837df3b2e5052e86f6e9145833ee_amd64 as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:460433c554ff60bbac0b3dd267c6a0ab65c4837df3b2e5052e86f6e9145833ee_amd64"
},
"product_reference": "odf4/rook-ceph-rhel8-operator@sha256:460433c554ff60bbac0b3dd267c6a0ab65c4837df3b2e5052e86f6e9145833ee_amd64",
"relates_to_product_reference": "8Base-RHODF-4.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "odf4/rook-ceph-rhel8-operator@sha256:72c63ded186464f185d399145e25ed21ea1a07c52ab842eebdaff224cc2e7998_s390x as a component of RHODF 4.12 for RHEL 8",
"product_id": "8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:72c63ded186464f185d399145e25ed21ea1a07c52ab842eebdaff224cc2e7998_s390x"
},
"product_reference": "odf4/rook-ceph-rhel8-operator@sha256:72c63ded186464f185d399145e25ed21ea1a07c52ab842eebdaff224cc2e7998_s390x",
"relates_to_product_reference": "8Base-RHODF-4.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-23539",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"discovery_date": "2022-12-23T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:55c1cdf2a7c32c5e32eb2ff3372bbb3b46e3b2da39cca535db32a7aefbbb73a6_ppc64le",
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:659ceb51c00824013f07d159bd689433ce41068f010b006047b750f75f134cb2_s390x",
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:db90c6bf02b4e7b40538ed52ee4e3d27733c24bf434610277b26b2ee5ae32f53_amd64",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:0d03a74a889701f101ec0b3d454a8ad133a58a020b05e84addbd0c0393c62b45_amd64",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:b20a7b4b7e31cbb0edac695572c6ea28075e260a8c68b6135a9dd25af2dc3460_s390x",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:bf058dd17e1f5b3c5b2ac4ea900eaf5fdd383564430aa6d0eaf0a7ae43f4feb7_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:2a393d0fe0de3da3358b578b123283f21b2433c6d50f1c512a48732409d11fce_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:7c84f6197194047448c2d39d7d880555baf521d9c462e23b5342652eebcee3ec_s390x",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:cd09a1ccd0b8795385d965ccf2910c231ee5f08c7d62ef4725a59b553192595a_amd64",
"8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:0d4efd40efb2fbac2fd4b31e08ec36ddc2a5c7a558f83a1a1b41ab27be8c71c6_s390x",
"8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:25252d3fabe165984b424b74437c428dc4f635aba06e245b3a1cc5e309bdf9df_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:572921e5851d187787f22b25f349dee75d0383e959440372a159acc8dd7c17a1_amd64",
"8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:0f05a9eb9f6528447456ffab6f86a354990745c7d994095b4c9fa8a9748159ea_amd64",
"8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:7d55b8c8f830ef6e54078ad66c79b69e356d2e4cd391f60db6be473033f299a5_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:ed6b5f49ec14f96b5be3b1e858648a613278713ca3e413b4172e6f57c5922d2f_s390x",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:39c37b2a5cb55ca71c823b74f0b4c75ac61ef88d7f22c7abadc9b1ef5d077b20_amd64",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:6d4dbcdd641b71ef7e6c6269a8a706fddaa2d137ca5e2d07c29766e620de205f_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:7c4ab2dca6e1ebc5b89014e4ec253e19473d6ae44f0d150dd8e7d22458056300_s390x",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:68992b4619ea57b8ab612278c1a02782b855b57bd436ae2c2395b6c55211d816_s390x",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:89a3457444d77fcc15546138ad259e2ccb29bfd7007dcb3dc3639c5a47c799c3_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:fa7d06a3c4204ee865eb284393faefacdd2113fa5bdb7412c3b7b6473852832b_amd64",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:5a7bc8abfd378a1314ebea571ba0483abaca80867fe7fdc1d0cb99772981a503_s390x",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:ace10d33f03530bad02e5f5aade65ebdb78e42e664a62595e510d4edabd64f60_amd64",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:d4bec711f42d23753357d1e73be1e35d6781424d22b295371d9622dccc0b33aa_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:b9d941ef97de91ce2c67405c956f308ac39a966f88901cb7299c7d32f15fc1f6_amd64",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:c5bb36336e3280dbc6fe2f969c73f40f31fbdfecf89e55b0bb8d2b83fa579644_s390x",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:e5ca033f2b87a40dc028df91b14c5fd92342f6599ff07b08b0c5a7f06b9e3257_ppc64le",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:6f1fc5945bafbf023825d576e2994f484eff88c7c34fcbd8a2234a7b144b42c1_ppc64le",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:7918fcabebe3d881e2a6bbcb424ac6b99bd96f13775eb3f9c455b7890c728873_amd64",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:b3d6539df6ca21e8bfb772991cf1c0103ad20388159996e83f6f400a64d93a89_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:5c7ff483da2eb34694a59d2826d0e18309aff8f254650008ecfb5c03629d9442_amd64",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:b1fad19bb8ed92f5340ba5cfaa2c6f435831712d384e0c222bb997cbb811c4be_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:c58240dff0db8328d56d36fd2bcdcdfdb43ebaebbe445628150e6e6079439ae6_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:3245c50b363c3cadf2758934e273ffe8fcac489a303d2c39afea79abac1b52fb_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:40c893b1ee61cb6f174da357578299bf21e26fd1dca73fc4d0664da564df84f1_amd64",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:f6a9c322c4dff132bbf01d1fc088a5988b5174ca953054c7d722bbd837b7d23b_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:06b915bf990e0a8b3679ad5fab4a98c155b02a88110d47429fc26c4b7fc54ca0_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:8f812808ce2767198968eb49004d1d0a6b70cb5ad19f306e78c84c1aa7b3775c_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:ceaafe96af89589eb486ba74733e34ee3e202c346aad2773ed70d707ad7e2d42_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:390481a9f0f0769056df89f5ce3cb2fbbeadf0e2f8d44469f68a9291e2d9fa48_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:9eafc473d37d35fe5a84b36b8d3bf9876f529efd8b37ef4ff738cecb8b0f5389_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:c6984aabd7dae84be1a3b114ca36d4cdc655b271000540709ce978ad4e3e7159_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:2afd8dc3f15a7eadad49f3c18d00ef9136dbf59f26e5b8345b16f92233dbd352_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:4e36ce74a62b99f65ff1ce1a6b228ea34b5f6a18a5aad490ac2316ae141f4f2a_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:b4aaf641c7117bea99bcf3bb2f58409935b22e72039105c5aa3f086f04775f7b_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:2d18752f56076d91b6fcbdad4e934cada87ba270532c522e7da2239f5b6f6d7d_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:ce78718d4271a615f37066af652439409f7e7dcf2c5734185a3961c8e83ac4b4_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:d3e3b0788e28b8c82b770b2db622f2d9dfa83ac2b3f7a4e37742565089dc8fd8_amd64",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:75bab2b59593c31c4ae170b02f45ab193f8b5fb37eae53998bd2069662fc0efc_ppc64le",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:a912aa614bfd273fb6e6da47c32d00ca5aa4a45af3edfeb5f9f870ba4797a5ec_s390x",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:f6182960abfce0ccb509a25ab8fb8780a8e2d73852d589e8295c16d992bb2ff6_amd64",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:1e3deb6461dae99c94b20f70e4c155551e8579287c1696f752a89c8098953f8d_s390x",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:cd5ed37c3bd5ad385a3a88dc290456dbde3ba6af2501750a3d1ce25d40e82401_amd64",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:f53714b582b603bc851349cc4804f27235940fd577ed5b86ccad836a31ddc3fb_ppc64le",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:78a8b463c8d4161b556c821210eae69243fc73ceb90db49f4ca055a38acde6e0_s390x",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:7c89ebe7245e3514f6e63d1eca3247b0922e88d232b41c43245d2594e29b27d7_ppc64le",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:8e0d79006984c3501ea066054cca610b92c109183ae13969c0e81ee03acedc84_amd64",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:2d884bb224a503deb344ac6a4895d6a6d0fe5ab364651eecf923204507c9c92b_ppc64le",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:666c7cec9f2fd6d91b1839fd85576d84d0856a03b27e341e12f9c28ad301f594_amd64",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:c143b2cb9690b850b28d2f5c5394d5e4abefd5404fb41a17c5106058ff241286_s390x",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:79b66652c0aea87822f578c55963ca948b2e1697caad5ea460e6555a78136039_amd64",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:aa26f97020ed13ab7092b7a0aa05458a8775e4b4e936e4b9df9a96297df1f5b8_ppc64le",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:eafa31da6f87efcf476ab63d3b11ed8c7a42e67ef42a2494e70a5fe085e40438_s390x",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:198645ebf6a69810821c2d7644347b8abf918d89bbc2fcfc880ec28e924598f2_ppc64le",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:460433c554ff60bbac0b3dd267c6a0ab65c4837df3b2e5052e86f6e9145833ee_amd64",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:72c63ded186464f185d399145e25ed21ea1a07c52ab842eebdaff224cc2e7998_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2155978"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jsonwebtoken package. The affected versions of the `jsonwebtoken` library could be misconfigured so that legacy, insecure key types are used for signature verification. For example, DSA keys could be used with the RS256 algorithm.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsonwebtoken: Unrestricted key type could lead to legacy keys usagen",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The jsonwebtoken package is a transitive dependency and is not used directly in any of the Red Hat products. Hence, the impact is set to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:22cd2909e1b21b9ab56dc491fefb309a8a9088d85c928901b293267bb4efa6c7_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:5e7b40a8f03ee5a607eb911b2fe731c9fe65bfa8a54067c0987d94f02ff8bef9_s390x",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:e0c221ae29034b17db88998d4703a1d515778d17a8ce40737fa711fad2726c5c_amd64"
],
"known_not_affected": [
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:55c1cdf2a7c32c5e32eb2ff3372bbb3b46e3b2da39cca535db32a7aefbbb73a6_ppc64le",
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:659ceb51c00824013f07d159bd689433ce41068f010b006047b750f75f134cb2_s390x",
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:db90c6bf02b4e7b40538ed52ee4e3d27733c24bf434610277b26b2ee5ae32f53_amd64",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:0d03a74a889701f101ec0b3d454a8ad133a58a020b05e84addbd0c0393c62b45_amd64",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:b20a7b4b7e31cbb0edac695572c6ea28075e260a8c68b6135a9dd25af2dc3460_s390x",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:bf058dd17e1f5b3c5b2ac4ea900eaf5fdd383564430aa6d0eaf0a7ae43f4feb7_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:2a393d0fe0de3da3358b578b123283f21b2433c6d50f1c512a48732409d11fce_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:7c84f6197194047448c2d39d7d880555baf521d9c462e23b5342652eebcee3ec_s390x",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:cd09a1ccd0b8795385d965ccf2910c231ee5f08c7d62ef4725a59b553192595a_amd64",
"8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:0d4efd40efb2fbac2fd4b31e08ec36ddc2a5c7a558f83a1a1b41ab27be8c71c6_s390x",
"8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:25252d3fabe165984b424b74437c428dc4f635aba06e245b3a1cc5e309bdf9df_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:572921e5851d187787f22b25f349dee75d0383e959440372a159acc8dd7c17a1_amd64",
"8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:0f05a9eb9f6528447456ffab6f86a354990745c7d994095b4c9fa8a9748159ea_amd64",
"8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:7d55b8c8f830ef6e54078ad66c79b69e356d2e4cd391f60db6be473033f299a5_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:ed6b5f49ec14f96b5be3b1e858648a613278713ca3e413b4172e6f57c5922d2f_s390x",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:39c37b2a5cb55ca71c823b74f0b4c75ac61ef88d7f22c7abadc9b1ef5d077b20_amd64",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:6d4dbcdd641b71ef7e6c6269a8a706fddaa2d137ca5e2d07c29766e620de205f_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:7c4ab2dca6e1ebc5b89014e4ec253e19473d6ae44f0d150dd8e7d22458056300_s390x",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:68992b4619ea57b8ab612278c1a02782b855b57bd436ae2c2395b6c55211d816_s390x",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:89a3457444d77fcc15546138ad259e2ccb29bfd7007dcb3dc3639c5a47c799c3_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:fa7d06a3c4204ee865eb284393faefacdd2113fa5bdb7412c3b7b6473852832b_amd64",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:5a7bc8abfd378a1314ebea571ba0483abaca80867fe7fdc1d0cb99772981a503_s390x",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:ace10d33f03530bad02e5f5aade65ebdb78e42e664a62595e510d4edabd64f60_amd64",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:d4bec711f42d23753357d1e73be1e35d6781424d22b295371d9622dccc0b33aa_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:b9d941ef97de91ce2c67405c956f308ac39a966f88901cb7299c7d32f15fc1f6_amd64",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:c5bb36336e3280dbc6fe2f969c73f40f31fbdfecf89e55b0bb8d2b83fa579644_s390x",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:e5ca033f2b87a40dc028df91b14c5fd92342f6599ff07b08b0c5a7f06b9e3257_ppc64le",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:6f1fc5945bafbf023825d576e2994f484eff88c7c34fcbd8a2234a7b144b42c1_ppc64le",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:7918fcabebe3d881e2a6bbcb424ac6b99bd96f13775eb3f9c455b7890c728873_amd64",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:b3d6539df6ca21e8bfb772991cf1c0103ad20388159996e83f6f400a64d93a89_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:5c7ff483da2eb34694a59d2826d0e18309aff8f254650008ecfb5c03629d9442_amd64",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:b1fad19bb8ed92f5340ba5cfaa2c6f435831712d384e0c222bb997cbb811c4be_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:c58240dff0db8328d56d36fd2bcdcdfdb43ebaebbe445628150e6e6079439ae6_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:3245c50b363c3cadf2758934e273ffe8fcac489a303d2c39afea79abac1b52fb_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:40c893b1ee61cb6f174da357578299bf21e26fd1dca73fc4d0664da564df84f1_amd64",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:f6a9c322c4dff132bbf01d1fc088a5988b5174ca953054c7d722bbd837b7d23b_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:06b915bf990e0a8b3679ad5fab4a98c155b02a88110d47429fc26c4b7fc54ca0_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:8f812808ce2767198968eb49004d1d0a6b70cb5ad19f306e78c84c1aa7b3775c_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:ceaafe96af89589eb486ba74733e34ee3e202c346aad2773ed70d707ad7e2d42_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:390481a9f0f0769056df89f5ce3cb2fbbeadf0e2f8d44469f68a9291e2d9fa48_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:9eafc473d37d35fe5a84b36b8d3bf9876f529efd8b37ef4ff738cecb8b0f5389_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:c6984aabd7dae84be1a3b114ca36d4cdc655b271000540709ce978ad4e3e7159_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:2afd8dc3f15a7eadad49f3c18d00ef9136dbf59f26e5b8345b16f92233dbd352_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:4e36ce74a62b99f65ff1ce1a6b228ea34b5f6a18a5aad490ac2316ae141f4f2a_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:b4aaf641c7117bea99bcf3bb2f58409935b22e72039105c5aa3f086f04775f7b_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:2d18752f56076d91b6fcbdad4e934cada87ba270532c522e7da2239f5b6f6d7d_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:ce78718d4271a615f37066af652439409f7e7dcf2c5734185a3961c8e83ac4b4_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:d3e3b0788e28b8c82b770b2db622f2d9dfa83ac2b3f7a4e37742565089dc8fd8_amd64",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:75bab2b59593c31c4ae170b02f45ab193f8b5fb37eae53998bd2069662fc0efc_ppc64le",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:a912aa614bfd273fb6e6da47c32d00ca5aa4a45af3edfeb5f9f870ba4797a5ec_s390x",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:f6182960abfce0ccb509a25ab8fb8780a8e2d73852d589e8295c16d992bb2ff6_amd64",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:1e3deb6461dae99c94b20f70e4c155551e8579287c1696f752a89c8098953f8d_s390x",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:cd5ed37c3bd5ad385a3a88dc290456dbde3ba6af2501750a3d1ce25d40e82401_amd64",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:f53714b582b603bc851349cc4804f27235940fd577ed5b86ccad836a31ddc3fb_ppc64le",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:78a8b463c8d4161b556c821210eae69243fc73ceb90db49f4ca055a38acde6e0_s390x",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:7c89ebe7245e3514f6e63d1eca3247b0922e88d232b41c43245d2594e29b27d7_ppc64le",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:8e0d79006984c3501ea066054cca610b92c109183ae13969c0e81ee03acedc84_amd64",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:2d884bb224a503deb344ac6a4895d6a6d0fe5ab364651eecf923204507c9c92b_ppc64le",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:666c7cec9f2fd6d91b1839fd85576d84d0856a03b27e341e12f9c28ad301f594_amd64",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:c143b2cb9690b850b28d2f5c5394d5e4abefd5404fb41a17c5106058ff241286_s390x",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:79b66652c0aea87822f578c55963ca948b2e1697caad5ea460e6555a78136039_amd64",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:aa26f97020ed13ab7092b7a0aa05458a8775e4b4e936e4b9df9a96297df1f5b8_ppc64le",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:eafa31da6f87efcf476ab63d3b11ed8c7a42e67ef42a2494e70a5fe085e40438_s390x",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:198645ebf6a69810821c2d7644347b8abf918d89bbc2fcfc880ec28e924598f2_ppc64le",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:460433c554ff60bbac0b3dd267c6a0ab65c4837df3b2e5052e86f6e9145833ee_amd64",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:72c63ded186464f185d399145e25ed21ea1a07c52ab842eebdaff224cc2e7998_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-23539"
},
{
"category": "external",
"summary": "RHBZ#2155978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2155978"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-23539",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23539"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-23539",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23539"
},
{
"category": "external",
"summary": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33",
"url": "https://github.com/auth0/node-jsonwebtoken/security/advisories/GHSA-8cf7-32gw-wr33"
}
],
"release_date": "2022-12-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-23T09:17:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:22cd2909e1b21b9ab56dc491fefb309a8a9088d85c928901b293267bb4efa6c7_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:5e7b40a8f03ee5a607eb911b2fe731c9fe65bfa8a54067c0987d94f02ff8bef9_s390x",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:e0c221ae29034b17db88998d4703a1d515778d17a8ce40737fa711fad2726c5c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:55c1cdf2a7c32c5e32eb2ff3372bbb3b46e3b2da39cca535db32a7aefbbb73a6_ppc64le",
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:659ceb51c00824013f07d159bd689433ce41068f010b006047b750f75f134cb2_s390x",
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:db90c6bf02b4e7b40538ed52ee4e3d27733c24bf434610277b26b2ee5ae32f53_amd64",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:22cd2909e1b21b9ab56dc491fefb309a8a9088d85c928901b293267bb4efa6c7_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:5e7b40a8f03ee5a607eb911b2fe731c9fe65bfa8a54067c0987d94f02ff8bef9_s390x",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:e0c221ae29034b17db88998d4703a1d515778d17a8ce40737fa711fad2726c5c_amd64",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:0d03a74a889701f101ec0b3d454a8ad133a58a020b05e84addbd0c0393c62b45_amd64",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:b20a7b4b7e31cbb0edac695572c6ea28075e260a8c68b6135a9dd25af2dc3460_s390x",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:bf058dd17e1f5b3c5b2ac4ea900eaf5fdd383564430aa6d0eaf0a7ae43f4feb7_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:2a393d0fe0de3da3358b578b123283f21b2433c6d50f1c512a48732409d11fce_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:7c84f6197194047448c2d39d7d880555baf521d9c462e23b5342652eebcee3ec_s390x",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:cd09a1ccd0b8795385d965ccf2910c231ee5f08c7d62ef4725a59b553192595a_amd64",
"8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:0d4efd40efb2fbac2fd4b31e08ec36ddc2a5c7a558f83a1a1b41ab27be8c71c6_s390x",
"8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:25252d3fabe165984b424b74437c428dc4f635aba06e245b3a1cc5e309bdf9df_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:572921e5851d187787f22b25f349dee75d0383e959440372a159acc8dd7c17a1_amd64",
"8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:0f05a9eb9f6528447456ffab6f86a354990745c7d994095b4c9fa8a9748159ea_amd64",
"8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:7d55b8c8f830ef6e54078ad66c79b69e356d2e4cd391f60db6be473033f299a5_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:ed6b5f49ec14f96b5be3b1e858648a613278713ca3e413b4172e6f57c5922d2f_s390x",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:39c37b2a5cb55ca71c823b74f0b4c75ac61ef88d7f22c7abadc9b1ef5d077b20_amd64",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:6d4dbcdd641b71ef7e6c6269a8a706fddaa2d137ca5e2d07c29766e620de205f_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:7c4ab2dca6e1ebc5b89014e4ec253e19473d6ae44f0d150dd8e7d22458056300_s390x",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:68992b4619ea57b8ab612278c1a02782b855b57bd436ae2c2395b6c55211d816_s390x",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:89a3457444d77fcc15546138ad259e2ccb29bfd7007dcb3dc3639c5a47c799c3_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:fa7d06a3c4204ee865eb284393faefacdd2113fa5bdb7412c3b7b6473852832b_amd64",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:5a7bc8abfd378a1314ebea571ba0483abaca80867fe7fdc1d0cb99772981a503_s390x",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:ace10d33f03530bad02e5f5aade65ebdb78e42e664a62595e510d4edabd64f60_amd64",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:d4bec711f42d23753357d1e73be1e35d6781424d22b295371d9622dccc0b33aa_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:b9d941ef97de91ce2c67405c956f308ac39a966f88901cb7299c7d32f15fc1f6_amd64",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:c5bb36336e3280dbc6fe2f969c73f40f31fbdfecf89e55b0bb8d2b83fa579644_s390x",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:e5ca033f2b87a40dc028df91b14c5fd92342f6599ff07b08b0c5a7f06b9e3257_ppc64le",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:6f1fc5945bafbf023825d576e2994f484eff88c7c34fcbd8a2234a7b144b42c1_ppc64le",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:7918fcabebe3d881e2a6bbcb424ac6b99bd96f13775eb3f9c455b7890c728873_amd64",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:b3d6539df6ca21e8bfb772991cf1c0103ad20388159996e83f6f400a64d93a89_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:5c7ff483da2eb34694a59d2826d0e18309aff8f254650008ecfb5c03629d9442_amd64",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:b1fad19bb8ed92f5340ba5cfaa2c6f435831712d384e0c222bb997cbb811c4be_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:c58240dff0db8328d56d36fd2bcdcdfdb43ebaebbe445628150e6e6079439ae6_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:3245c50b363c3cadf2758934e273ffe8fcac489a303d2c39afea79abac1b52fb_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:40c893b1ee61cb6f174da357578299bf21e26fd1dca73fc4d0664da564df84f1_amd64",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:f6a9c322c4dff132bbf01d1fc088a5988b5174ca953054c7d722bbd837b7d23b_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:06b915bf990e0a8b3679ad5fab4a98c155b02a88110d47429fc26c4b7fc54ca0_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:8f812808ce2767198968eb49004d1d0a6b70cb5ad19f306e78c84c1aa7b3775c_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:ceaafe96af89589eb486ba74733e34ee3e202c346aad2773ed70d707ad7e2d42_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:390481a9f0f0769056df89f5ce3cb2fbbeadf0e2f8d44469f68a9291e2d9fa48_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:9eafc473d37d35fe5a84b36b8d3bf9876f529efd8b37ef4ff738cecb8b0f5389_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:c6984aabd7dae84be1a3b114ca36d4cdc655b271000540709ce978ad4e3e7159_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:2afd8dc3f15a7eadad49f3c18d00ef9136dbf59f26e5b8345b16f92233dbd352_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:4e36ce74a62b99f65ff1ce1a6b228ea34b5f6a18a5aad490ac2316ae141f4f2a_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:b4aaf641c7117bea99bcf3bb2f58409935b22e72039105c5aa3f086f04775f7b_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:2d18752f56076d91b6fcbdad4e934cada87ba270532c522e7da2239f5b6f6d7d_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:ce78718d4271a615f37066af652439409f7e7dcf2c5734185a3961c8e83ac4b4_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:d3e3b0788e28b8c82b770b2db622f2d9dfa83ac2b3f7a4e37742565089dc8fd8_amd64",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:75bab2b59593c31c4ae170b02f45ab193f8b5fb37eae53998bd2069662fc0efc_ppc64le",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:a912aa614bfd273fb6e6da47c32d00ca5aa4a45af3edfeb5f9f870ba4797a5ec_s390x",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:f6182960abfce0ccb509a25ab8fb8780a8e2d73852d589e8295c16d992bb2ff6_amd64",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:1e3deb6461dae99c94b20f70e4c155551e8579287c1696f752a89c8098953f8d_s390x",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:cd5ed37c3bd5ad385a3a88dc290456dbde3ba6af2501750a3d1ce25d40e82401_amd64",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:f53714b582b603bc851349cc4804f27235940fd577ed5b86ccad836a31ddc3fb_ppc64le",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:78a8b463c8d4161b556c821210eae69243fc73ceb90db49f4ca055a38acde6e0_s390x",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:7c89ebe7245e3514f6e63d1eca3247b0922e88d232b41c43245d2594e29b27d7_ppc64le",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:8e0d79006984c3501ea066054cca610b92c109183ae13969c0e81ee03acedc84_amd64",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:2d884bb224a503deb344ac6a4895d6a6d0fe5ab364651eecf923204507c9c92b_ppc64le",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:666c7cec9f2fd6d91b1839fd85576d84d0856a03b27e341e12f9c28ad301f594_amd64",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:c143b2cb9690b850b28d2f5c5394d5e4abefd5404fb41a17c5106058ff241286_s390x",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:79b66652c0aea87822f578c55963ca948b2e1697caad5ea460e6555a78136039_amd64",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:aa26f97020ed13ab7092b7a0aa05458a8775e4b4e936e4b9df9a96297df1f5b8_ppc64le",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:eafa31da6f87efcf476ab63d3b11ed8c7a42e67ef42a2494e70a5fe085e40438_s390x",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:198645ebf6a69810821c2d7644347b8abf918d89bbc2fcfc880ec28e924598f2_ppc64le",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:460433c554ff60bbac0b3dd267c6a0ab65c4837df3b2e5052e86f6e9145833ee_amd64",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:72c63ded186464f185d399145e25ed21ea1a07c52ab842eebdaff224cc2e7998_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jsonwebtoken: Unrestricted key type could lead to legacy keys usagen"
},
{
"cve": "CVE-2022-24999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-12-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:55c1cdf2a7c32c5e32eb2ff3372bbb3b46e3b2da39cca535db32a7aefbbb73a6_ppc64le",
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:659ceb51c00824013f07d159bd689433ce41068f010b006047b750f75f134cb2_s390x",
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:db90c6bf02b4e7b40538ed52ee4e3d27733c24bf434610277b26b2ee5ae32f53_amd64",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:0d03a74a889701f101ec0b3d454a8ad133a58a020b05e84addbd0c0393c62b45_amd64",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:b20a7b4b7e31cbb0edac695572c6ea28075e260a8c68b6135a9dd25af2dc3460_s390x",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:bf058dd17e1f5b3c5b2ac4ea900eaf5fdd383564430aa6d0eaf0a7ae43f4feb7_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:2a393d0fe0de3da3358b578b123283f21b2433c6d50f1c512a48732409d11fce_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:7c84f6197194047448c2d39d7d880555baf521d9c462e23b5342652eebcee3ec_s390x",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:cd09a1ccd0b8795385d965ccf2910c231ee5f08c7d62ef4725a59b553192595a_amd64",
"8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:0d4efd40efb2fbac2fd4b31e08ec36ddc2a5c7a558f83a1a1b41ab27be8c71c6_s390x",
"8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:25252d3fabe165984b424b74437c428dc4f635aba06e245b3a1cc5e309bdf9df_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:572921e5851d187787f22b25f349dee75d0383e959440372a159acc8dd7c17a1_amd64",
"8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:0f05a9eb9f6528447456ffab6f86a354990745c7d994095b4c9fa8a9748159ea_amd64",
"8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:7d55b8c8f830ef6e54078ad66c79b69e356d2e4cd391f60db6be473033f299a5_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:ed6b5f49ec14f96b5be3b1e858648a613278713ca3e413b4172e6f57c5922d2f_s390x",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:39c37b2a5cb55ca71c823b74f0b4c75ac61ef88d7f22c7abadc9b1ef5d077b20_amd64",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:6d4dbcdd641b71ef7e6c6269a8a706fddaa2d137ca5e2d07c29766e620de205f_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:7c4ab2dca6e1ebc5b89014e4ec253e19473d6ae44f0d150dd8e7d22458056300_s390x",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:68992b4619ea57b8ab612278c1a02782b855b57bd436ae2c2395b6c55211d816_s390x",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:89a3457444d77fcc15546138ad259e2ccb29bfd7007dcb3dc3639c5a47c799c3_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:fa7d06a3c4204ee865eb284393faefacdd2113fa5bdb7412c3b7b6473852832b_amd64",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:5a7bc8abfd378a1314ebea571ba0483abaca80867fe7fdc1d0cb99772981a503_s390x",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:ace10d33f03530bad02e5f5aade65ebdb78e42e664a62595e510d4edabd64f60_amd64",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:d4bec711f42d23753357d1e73be1e35d6781424d22b295371d9622dccc0b33aa_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:b9d941ef97de91ce2c67405c956f308ac39a966f88901cb7299c7d32f15fc1f6_amd64",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:c5bb36336e3280dbc6fe2f969c73f40f31fbdfecf89e55b0bb8d2b83fa579644_s390x",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:e5ca033f2b87a40dc028df91b14c5fd92342f6599ff07b08b0c5a7f06b9e3257_ppc64le",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:6f1fc5945bafbf023825d576e2994f484eff88c7c34fcbd8a2234a7b144b42c1_ppc64le",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:7918fcabebe3d881e2a6bbcb424ac6b99bd96f13775eb3f9c455b7890c728873_amd64",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:b3d6539df6ca21e8bfb772991cf1c0103ad20388159996e83f6f400a64d93a89_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:5c7ff483da2eb34694a59d2826d0e18309aff8f254650008ecfb5c03629d9442_amd64",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:b1fad19bb8ed92f5340ba5cfaa2c6f435831712d384e0c222bb997cbb811c4be_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:c58240dff0db8328d56d36fd2bcdcdfdb43ebaebbe445628150e6e6079439ae6_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:3245c50b363c3cadf2758934e273ffe8fcac489a303d2c39afea79abac1b52fb_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:40c893b1ee61cb6f174da357578299bf21e26fd1dca73fc4d0664da564df84f1_amd64",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:f6a9c322c4dff132bbf01d1fc088a5988b5174ca953054c7d722bbd837b7d23b_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:06b915bf990e0a8b3679ad5fab4a98c155b02a88110d47429fc26c4b7fc54ca0_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:8f812808ce2767198968eb49004d1d0a6b70cb5ad19f306e78c84c1aa7b3775c_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:ceaafe96af89589eb486ba74733e34ee3e202c346aad2773ed70d707ad7e2d42_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:390481a9f0f0769056df89f5ce3cb2fbbeadf0e2f8d44469f68a9291e2d9fa48_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:9eafc473d37d35fe5a84b36b8d3bf9876f529efd8b37ef4ff738cecb8b0f5389_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:c6984aabd7dae84be1a3b114ca36d4cdc655b271000540709ce978ad4e3e7159_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:2afd8dc3f15a7eadad49f3c18d00ef9136dbf59f26e5b8345b16f92233dbd352_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:4e36ce74a62b99f65ff1ce1a6b228ea34b5f6a18a5aad490ac2316ae141f4f2a_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:b4aaf641c7117bea99bcf3bb2f58409935b22e72039105c5aa3f086f04775f7b_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:2d18752f56076d91b6fcbdad4e934cada87ba270532c522e7da2239f5b6f6d7d_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:ce78718d4271a615f37066af652439409f7e7dcf2c5734185a3961c8e83ac4b4_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:d3e3b0788e28b8c82b770b2db622f2d9dfa83ac2b3f7a4e37742565089dc8fd8_amd64",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:75bab2b59593c31c4ae170b02f45ab193f8b5fb37eae53998bd2069662fc0efc_ppc64le",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:a912aa614bfd273fb6e6da47c32d00ca5aa4a45af3edfeb5f9f870ba4797a5ec_s390x",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:f6182960abfce0ccb509a25ab8fb8780a8e2d73852d589e8295c16d992bb2ff6_amd64",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:1e3deb6461dae99c94b20f70e4c155551e8579287c1696f752a89c8098953f8d_s390x",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:cd5ed37c3bd5ad385a3a88dc290456dbde3ba6af2501750a3d1ce25d40e82401_amd64",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:f53714b582b603bc851349cc4804f27235940fd577ed5b86ccad836a31ddc3fb_ppc64le",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:78a8b463c8d4161b556c821210eae69243fc73ceb90db49f4ca055a38acde6e0_s390x",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:7c89ebe7245e3514f6e63d1eca3247b0922e88d232b41c43245d2594e29b27d7_ppc64le",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:8e0d79006984c3501ea066054cca610b92c109183ae13969c0e81ee03acedc84_amd64",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:2d884bb224a503deb344ac6a4895d6a6d0fe5ab364651eecf923204507c9c92b_ppc64le",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:666c7cec9f2fd6d91b1839fd85576d84d0856a03b27e341e12f9c28ad301f594_amd64",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:c143b2cb9690b850b28d2f5c5394d5e4abefd5404fb41a17c5106058ff241286_s390x",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:79b66652c0aea87822f578c55963ca948b2e1697caad5ea460e6555a78136039_amd64",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:aa26f97020ed13ab7092b7a0aa05458a8775e4b4e936e4b9df9a96297df1f5b8_ppc64le",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:eafa31da6f87efcf476ab63d3b11ed8c7a42e67ef42a2494e70a5fe085e40438_s390x",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:198645ebf6a69810821c2d7644347b8abf918d89bbc2fcfc880ec28e924598f2_ppc64le",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:460433c554ff60bbac0b3dd267c6a0ab65c4837df3b2e5052e86f6e9145833ee_amd64",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:72c63ded186464f185d399145e25ed21ea1a07c52ab842eebdaff224cc2e7998_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150323"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: \"qs\" prototype poisoning causes the hang of the node process",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:22cd2909e1b21b9ab56dc491fefb309a8a9088d85c928901b293267bb4efa6c7_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:5e7b40a8f03ee5a607eb911b2fe731c9fe65bfa8a54067c0987d94f02ff8bef9_s390x",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:e0c221ae29034b17db88998d4703a1d515778d17a8ce40737fa711fad2726c5c_amd64"
],
"known_not_affected": [
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:55c1cdf2a7c32c5e32eb2ff3372bbb3b46e3b2da39cca535db32a7aefbbb73a6_ppc64le",
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:659ceb51c00824013f07d159bd689433ce41068f010b006047b750f75f134cb2_s390x",
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:db90c6bf02b4e7b40538ed52ee4e3d27733c24bf434610277b26b2ee5ae32f53_amd64",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:0d03a74a889701f101ec0b3d454a8ad133a58a020b05e84addbd0c0393c62b45_amd64",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:b20a7b4b7e31cbb0edac695572c6ea28075e260a8c68b6135a9dd25af2dc3460_s390x",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:bf058dd17e1f5b3c5b2ac4ea900eaf5fdd383564430aa6d0eaf0a7ae43f4feb7_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:2a393d0fe0de3da3358b578b123283f21b2433c6d50f1c512a48732409d11fce_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:7c84f6197194047448c2d39d7d880555baf521d9c462e23b5342652eebcee3ec_s390x",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:cd09a1ccd0b8795385d965ccf2910c231ee5f08c7d62ef4725a59b553192595a_amd64",
"8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:0d4efd40efb2fbac2fd4b31e08ec36ddc2a5c7a558f83a1a1b41ab27be8c71c6_s390x",
"8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:25252d3fabe165984b424b74437c428dc4f635aba06e245b3a1cc5e309bdf9df_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:572921e5851d187787f22b25f349dee75d0383e959440372a159acc8dd7c17a1_amd64",
"8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:0f05a9eb9f6528447456ffab6f86a354990745c7d994095b4c9fa8a9748159ea_amd64",
"8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:7d55b8c8f830ef6e54078ad66c79b69e356d2e4cd391f60db6be473033f299a5_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:ed6b5f49ec14f96b5be3b1e858648a613278713ca3e413b4172e6f57c5922d2f_s390x",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:39c37b2a5cb55ca71c823b74f0b4c75ac61ef88d7f22c7abadc9b1ef5d077b20_amd64",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:6d4dbcdd641b71ef7e6c6269a8a706fddaa2d137ca5e2d07c29766e620de205f_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:7c4ab2dca6e1ebc5b89014e4ec253e19473d6ae44f0d150dd8e7d22458056300_s390x",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:68992b4619ea57b8ab612278c1a02782b855b57bd436ae2c2395b6c55211d816_s390x",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:89a3457444d77fcc15546138ad259e2ccb29bfd7007dcb3dc3639c5a47c799c3_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:fa7d06a3c4204ee865eb284393faefacdd2113fa5bdb7412c3b7b6473852832b_amd64",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:5a7bc8abfd378a1314ebea571ba0483abaca80867fe7fdc1d0cb99772981a503_s390x",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:ace10d33f03530bad02e5f5aade65ebdb78e42e664a62595e510d4edabd64f60_amd64",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:d4bec711f42d23753357d1e73be1e35d6781424d22b295371d9622dccc0b33aa_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:b9d941ef97de91ce2c67405c956f308ac39a966f88901cb7299c7d32f15fc1f6_amd64",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:c5bb36336e3280dbc6fe2f969c73f40f31fbdfecf89e55b0bb8d2b83fa579644_s390x",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:e5ca033f2b87a40dc028df91b14c5fd92342f6599ff07b08b0c5a7f06b9e3257_ppc64le",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:6f1fc5945bafbf023825d576e2994f484eff88c7c34fcbd8a2234a7b144b42c1_ppc64le",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:7918fcabebe3d881e2a6bbcb424ac6b99bd96f13775eb3f9c455b7890c728873_amd64",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:b3d6539df6ca21e8bfb772991cf1c0103ad20388159996e83f6f400a64d93a89_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:5c7ff483da2eb34694a59d2826d0e18309aff8f254650008ecfb5c03629d9442_amd64",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:b1fad19bb8ed92f5340ba5cfaa2c6f435831712d384e0c222bb997cbb811c4be_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:c58240dff0db8328d56d36fd2bcdcdfdb43ebaebbe445628150e6e6079439ae6_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:3245c50b363c3cadf2758934e273ffe8fcac489a303d2c39afea79abac1b52fb_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:40c893b1ee61cb6f174da357578299bf21e26fd1dca73fc4d0664da564df84f1_amd64",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:f6a9c322c4dff132bbf01d1fc088a5988b5174ca953054c7d722bbd837b7d23b_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:06b915bf990e0a8b3679ad5fab4a98c155b02a88110d47429fc26c4b7fc54ca0_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:8f812808ce2767198968eb49004d1d0a6b70cb5ad19f306e78c84c1aa7b3775c_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:ceaafe96af89589eb486ba74733e34ee3e202c346aad2773ed70d707ad7e2d42_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:390481a9f0f0769056df89f5ce3cb2fbbeadf0e2f8d44469f68a9291e2d9fa48_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:9eafc473d37d35fe5a84b36b8d3bf9876f529efd8b37ef4ff738cecb8b0f5389_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:c6984aabd7dae84be1a3b114ca36d4cdc655b271000540709ce978ad4e3e7159_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:2afd8dc3f15a7eadad49f3c18d00ef9136dbf59f26e5b8345b16f92233dbd352_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:4e36ce74a62b99f65ff1ce1a6b228ea34b5f6a18a5aad490ac2316ae141f4f2a_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:b4aaf641c7117bea99bcf3bb2f58409935b22e72039105c5aa3f086f04775f7b_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:2d18752f56076d91b6fcbdad4e934cada87ba270532c522e7da2239f5b6f6d7d_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:ce78718d4271a615f37066af652439409f7e7dcf2c5734185a3961c8e83ac4b4_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:d3e3b0788e28b8c82b770b2db622f2d9dfa83ac2b3f7a4e37742565089dc8fd8_amd64",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:75bab2b59593c31c4ae170b02f45ab193f8b5fb37eae53998bd2069662fc0efc_ppc64le",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:a912aa614bfd273fb6e6da47c32d00ca5aa4a45af3edfeb5f9f870ba4797a5ec_s390x",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:f6182960abfce0ccb509a25ab8fb8780a8e2d73852d589e8295c16d992bb2ff6_amd64",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:1e3deb6461dae99c94b20f70e4c155551e8579287c1696f752a89c8098953f8d_s390x",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:cd5ed37c3bd5ad385a3a88dc290456dbde3ba6af2501750a3d1ce25d40e82401_amd64",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:f53714b582b603bc851349cc4804f27235940fd577ed5b86ccad836a31ddc3fb_ppc64le",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:78a8b463c8d4161b556c821210eae69243fc73ceb90db49f4ca055a38acde6e0_s390x",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:7c89ebe7245e3514f6e63d1eca3247b0922e88d232b41c43245d2594e29b27d7_ppc64le",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:8e0d79006984c3501ea066054cca610b92c109183ae13969c0e81ee03acedc84_amd64",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:2d884bb224a503deb344ac6a4895d6a6d0fe5ab364651eecf923204507c9c92b_ppc64le",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:666c7cec9f2fd6d91b1839fd85576d84d0856a03b27e341e12f9c28ad301f594_amd64",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:c143b2cb9690b850b28d2f5c5394d5e4abefd5404fb41a17c5106058ff241286_s390x",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:79b66652c0aea87822f578c55963ca948b2e1697caad5ea460e6555a78136039_amd64",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:aa26f97020ed13ab7092b7a0aa05458a8775e4b4e936e4b9df9a96297df1f5b8_ppc64le",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:eafa31da6f87efcf476ab63d3b11ed8c7a42e67ef42a2494e70a5fe085e40438_s390x",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:198645ebf6a69810821c2d7644347b8abf918d89bbc2fcfc880ec28e924598f2_ppc64le",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:460433c554ff60bbac0b3dd267c6a0ab65c4837df3b2e5052e86f6e9145833ee_amd64",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:72c63ded186464f185d399145e25ed21ea1a07c52ab842eebdaff224cc2e7998_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24999"
},
{
"category": "external",
"summary": "RHBZ#2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/releases/tag/4.17.3",
"url": "https://github.com/expressjs/express/releases/tag/4.17.3"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/pull/428",
"url": "https://github.com/ljharb/qs/pull/428"
},
{
"category": "external",
"summary": "https://github.com/n8tz/CVE-2022-24999",
"url": "https://github.com/n8tz/CVE-2022-24999"
}
],
"release_date": "2022-11-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-05-23T09:17:22+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:22cd2909e1b21b9ab56dc491fefb309a8a9088d85c928901b293267bb4efa6c7_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:5e7b40a8f03ee5a607eb911b2fe731c9fe65bfa8a54067c0987d94f02ff8bef9_s390x",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:e0c221ae29034b17db88998d4703a1d515778d17a8ce40737fa711fad2726c5c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:55c1cdf2a7c32c5e32eb2ff3372bbb3b46e3b2da39cca535db32a7aefbbb73a6_ppc64le",
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:659ceb51c00824013f07d159bd689433ce41068f010b006047b750f75f134cb2_s390x",
"8Base-RHODF-4.12:odf4/cephcsi-rhel8@sha256:db90c6bf02b4e7b40538ed52ee4e3d27733c24bf434610277b26b2ee5ae32f53_amd64",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:22cd2909e1b21b9ab56dc491fefb309a8a9088d85c928901b293267bb4efa6c7_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:5e7b40a8f03ee5a607eb911b2fe731c9fe65bfa8a54067c0987d94f02ff8bef9_s390x",
"8Base-RHODF-4.12:odf4/mcg-core-rhel8@sha256:e0c221ae29034b17db88998d4703a1d515778d17a8ce40737fa711fad2726c5c_amd64",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:0d03a74a889701f101ec0b3d454a8ad133a58a020b05e84addbd0c0393c62b45_amd64",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:b20a7b4b7e31cbb0edac695572c6ea28075e260a8c68b6135a9dd25af2dc3460_s390x",
"8Base-RHODF-4.12:odf4/mcg-operator-bundle@sha256:bf058dd17e1f5b3c5b2ac4ea900eaf5fdd383564430aa6d0eaf0a7ae43f4feb7_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:2a393d0fe0de3da3358b578b123283f21b2433c6d50f1c512a48732409d11fce_ppc64le",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:7c84f6197194047448c2d39d7d880555baf521d9c462e23b5342652eebcee3ec_s390x",
"8Base-RHODF-4.12:odf4/mcg-rhel8-operator@sha256:cd09a1ccd0b8795385d965ccf2910c231ee5f08c7d62ef4725a59b553192595a_amd64",
"8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:0d4efd40efb2fbac2fd4b31e08ec36ddc2a5c7a558f83a1a1b41ab27be8c71c6_s390x",
"8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:25252d3fabe165984b424b74437c428dc4f635aba06e245b3a1cc5e309bdf9df_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-client-operator-bundle@sha256:572921e5851d187787f22b25f349dee75d0383e959440372a159acc8dd7c17a1_amd64",
"8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:0f05a9eb9f6528447456ffab6f86a354990745c7d994095b4c9fa8a9748159ea_amd64",
"8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:7d55b8c8f830ef6e54078ad66c79b69e356d2e4cd391f60db6be473033f299a5_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-client-rhel8-operator@sha256:ed6b5f49ec14f96b5be3b1e858648a613278713ca3e413b4172e6f57c5922d2f_s390x",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:39c37b2a5cb55ca71c823b74f0b4c75ac61ef88d7f22c7abadc9b1ef5d077b20_amd64",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:6d4dbcdd641b71ef7e6c6269a8a706fddaa2d137ca5e2d07c29766e620de205f_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-metrics-exporter-rhel8@sha256:7c4ab2dca6e1ebc5b89014e4ec253e19473d6ae44f0d150dd8e7d22458056300_s390x",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:68992b4619ea57b8ab612278c1a02782b855b57bd436ae2c2395b6c55211d816_s390x",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:89a3457444d77fcc15546138ad259e2ccb29bfd7007dcb3dc3639c5a47c799c3_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-must-gather-rhel8@sha256:fa7d06a3c4204ee865eb284393faefacdd2113fa5bdb7412c3b7b6473852832b_amd64",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:5a7bc8abfd378a1314ebea571ba0483abaca80867fe7fdc1d0cb99772981a503_s390x",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:ace10d33f03530bad02e5f5aade65ebdb78e42e664a62595e510d4edabd64f60_amd64",
"8Base-RHODF-4.12:odf4/ocs-operator-bundle@sha256:d4bec711f42d23753357d1e73be1e35d6781424d22b295371d9622dccc0b33aa_ppc64le",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:b9d941ef97de91ce2c67405c956f308ac39a966f88901cb7299c7d32f15fc1f6_amd64",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:c5bb36336e3280dbc6fe2f969c73f40f31fbdfecf89e55b0bb8d2b83fa579644_s390x",
"8Base-RHODF-4.12:odf4/ocs-rhel8-operator@sha256:e5ca033f2b87a40dc028df91b14c5fd92342f6599ff07b08b0c5a7f06b9e3257_ppc64le",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:6f1fc5945bafbf023825d576e2994f484eff88c7c34fcbd8a2234a7b144b42c1_ppc64le",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:7918fcabebe3d881e2a6bbcb424ac6b99bd96f13775eb3f9c455b7890c728873_amd64",
"8Base-RHODF-4.12:odf4/odf-console-rhel8@sha256:b3d6539df6ca21e8bfb772991cf1c0103ad20388159996e83f6f400a64d93a89_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:5c7ff483da2eb34694a59d2826d0e18309aff8f254650008ecfb5c03629d9442_amd64",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:b1fad19bb8ed92f5340ba5cfaa2c6f435831712d384e0c222bb997cbb811c4be_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-operator-bundle@sha256:c58240dff0db8328d56d36fd2bcdcdfdb43ebaebbe445628150e6e6079439ae6_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:3245c50b363c3cadf2758934e273ffe8fcac489a303d2c39afea79abac1b52fb_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:40c893b1ee61cb6f174da357578299bf21e26fd1dca73fc4d0664da564df84f1_amd64",
"8Base-RHODF-4.12:odf4/odf-csi-addons-rhel8-operator@sha256:f6a9c322c4dff132bbf01d1fc088a5988b5174ca953054c7d722bbd837b7d23b_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:06b915bf990e0a8b3679ad5fab4a98c155b02a88110d47429fc26c4b7fc54ca0_ppc64le",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:8f812808ce2767198968eb49004d1d0a6b70cb5ad19f306e78c84c1aa7b3775c_s390x",
"8Base-RHODF-4.12:odf4/odf-csi-addons-sidecar-rhel8@sha256:ceaafe96af89589eb486ba74733e34ee3e202c346aad2773ed70d707ad7e2d42_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:390481a9f0f0769056df89f5ce3cb2fbbeadf0e2f8d44469f68a9291e2d9fa48_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:9eafc473d37d35fe5a84b36b8d3bf9876f529efd8b37ef4ff738cecb8b0f5389_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-console-rhel8@sha256:c6984aabd7dae84be1a3b114ca36d4cdc655b271000540709ce978ad4e3e7159_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:2afd8dc3f15a7eadad49f3c18d00ef9136dbf59f26e5b8345b16f92233dbd352_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:4e36ce74a62b99f65ff1ce1a6b228ea34b5f6a18a5aad490ac2316ae141f4f2a_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-operator-bundle@sha256:b4aaf641c7117bea99bcf3bb2f58409935b22e72039105c5aa3f086f04775f7b_amd64",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:2d18752f56076d91b6fcbdad4e934cada87ba270532c522e7da2239f5b6f6d7d_ppc64le",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:ce78718d4271a615f37066af652439409f7e7dcf2c5734185a3961c8e83ac4b4_s390x",
"8Base-RHODF-4.12:odf4/odf-multicluster-rhel8-operator@sha256:d3e3b0788e28b8c82b770b2db622f2d9dfa83ac2b3f7a4e37742565089dc8fd8_amd64",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:75bab2b59593c31c4ae170b02f45ab193f8b5fb37eae53998bd2069662fc0efc_ppc64le",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:a912aa614bfd273fb6e6da47c32d00ca5aa4a45af3edfeb5f9f870ba4797a5ec_s390x",
"8Base-RHODF-4.12:odf4/odf-operator-bundle@sha256:f6182960abfce0ccb509a25ab8fb8780a8e2d73852d589e8295c16d992bb2ff6_amd64",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:1e3deb6461dae99c94b20f70e4c155551e8579287c1696f752a89c8098953f8d_s390x",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:cd5ed37c3bd5ad385a3a88dc290456dbde3ba6af2501750a3d1ce25d40e82401_amd64",
"8Base-RHODF-4.12:odf4/odf-rhel8-operator@sha256:f53714b582b603bc851349cc4804f27235940fd577ed5b86ccad836a31ddc3fb_ppc64le",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:78a8b463c8d4161b556c821210eae69243fc73ceb90db49f4ca055a38acde6e0_s390x",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:7c89ebe7245e3514f6e63d1eca3247b0922e88d232b41c43245d2594e29b27d7_ppc64le",
"8Base-RHODF-4.12:odf4/odr-cluster-operator-bundle@sha256:8e0d79006984c3501ea066054cca610b92c109183ae13969c0e81ee03acedc84_amd64",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:2d884bb224a503deb344ac6a4895d6a6d0fe5ab364651eecf923204507c9c92b_ppc64le",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:666c7cec9f2fd6d91b1839fd85576d84d0856a03b27e341e12f9c28ad301f594_amd64",
"8Base-RHODF-4.12:odf4/odr-hub-operator-bundle@sha256:c143b2cb9690b850b28d2f5c5394d5e4abefd5404fb41a17c5106058ff241286_s390x",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:79b66652c0aea87822f578c55963ca948b2e1697caad5ea460e6555a78136039_amd64",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:aa26f97020ed13ab7092b7a0aa05458a8775e4b4e936e4b9df9a96297df1f5b8_ppc64le",
"8Base-RHODF-4.12:odf4/odr-rhel8-operator@sha256:eafa31da6f87efcf476ab63d3b11ed8c7a42e67ef42a2494e70a5fe085e40438_s390x",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:198645ebf6a69810821c2d7644347b8abf918d89bbc2fcfc880ec28e924598f2_ppc64le",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:460433c554ff60bbac0b3dd267c6a0ab65c4837df3b2e5052e86f6e9145833ee_amd64",
"8Base-RHODF-4.12:odf4/rook-ceph-rhel8-operator@sha256:72c63ded186464f185d399145e25ed21ea1a07c52ab842eebdaff224cc2e7998_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: \"qs\" prototype poisoning causes the hang of the node process"
}
]
}
RHSA-2023:3645
Vulnerability from csaf_redhat - Published: 2023-06-15 20:55 - Updated: 2026-05-28 02:28Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.7 security update
Severity
Moderate
Notes
Topic: Red Hat OpenShift Service Mesh 2.2.7
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.
This advisory covers the RPM packages for the release.
Security Fix(es):
* mongo-go-driver: specific cstrings input may not be properly validated (CVE-2021-20329)
* async: Prototype Pollution in async (CVE-2021-43138)
* express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
* terser: insecure use of regular expressions leads to ReDoS (CVE-2022-25858)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled documents.
6.5 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le | — |
Vendor Fix
fix
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64 | — |
Threats
Impact
Moderate
A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method.
7.8 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le | — |
Vendor Fix
fix
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le | — |
Vendor Fix
fix
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64 | — |
Threats
Impact
Moderate
A vulnerability was found in the terser package. Affected versions of this package are vulnerable to Regular expression denial of service (ReDoS) attacks, affecting system availability.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le | — |
Vendor Fix
fix
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64 | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x | — | ||
| Unresolved product id: 8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64 | — |
Threats
Impact
Moderate
References
32 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 2.2.7\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nThis advisory covers the RPM packages for the release.\n\nSecurity Fix(es):\n\n* mongo-go-driver: specific cstrings input may not be properly validated (CVE-2021-20329)\n* async: Prototype Pollution in async (CVE-2021-43138)\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n* terser: insecure use of regular expressions leads to ReDoS (CVE-2022-25858)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:3645",
"url": "https://access.redhat.com/errata/RHSA-2023:3645"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1971033",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971033"
},
{
"category": "external",
"summary": "2126276",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126276"
},
{
"category": "external",
"summary": "2126277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126277"
},
{
"category": "external",
"summary": "2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "OSSM-3596",
"url": "https://issues.redhat.com/browse/OSSM-3596"
},
{
"category": "external",
"summary": "OSSM-3720",
"url": "https://issues.redhat.com/browse/OSSM-3720"
},
{
"category": "external",
"summary": "OSSM-3783",
"url": "https://issues.redhat.com/browse/OSSM-3783"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3645.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.2.7 security update",
"tracking": {
"current_release_date": "2026-05-28T02:28:45+00:00",
"generator": {
"date": "2026-05-28T02:28:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:3645",
"initial_release_date": "2023-06-15T20:55:50+00:00",
"revision_history": [
{
"date": "2023-06-15T20:55:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-06-15T20:55:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-28T02:28:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOSSM 2.2 for RHEL 8",
"product": {
"name": "RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.2::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.2.7-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.48.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.2.7-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.2.7-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.2.7-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.48.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.2.7-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.2.7-4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"product": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"product": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"product_id": "openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.2.7-3"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"product": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"product_id": "openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.48.6-1"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"product": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"product": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"product_id": "openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"product": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"product_id": "openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"product_identification_helper": {
"purl": "pkg:oci/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/prometheus-rhel8\u0026tag=2.2.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"product": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"product_identification_helper": {
"purl": "pkg:oci/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.2.7-6"
}
}
},
{
"category": "product_version",
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"product": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.2.7-4"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64"
},
"product_reference": "openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64"
},
"product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le"
},
"product_reference": "openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le"
},
"product_reference": "openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le"
},
"product_reference": "openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64"
},
"product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64 as a component of RHOSSM 2.2 for RHEL 8",
"product_id": "8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
},
"product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64",
"relates_to_product_reference": "8Base-RHOSSM-2.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-20329",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2021-06-10T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1971033"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Mongo. Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshaling Go objects into BSON. This flaw allows a malicious user to use a Go object with a specific string to inject additional fields into marshaled documents.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mongo-go-driver: specific cstrings input may not be properly validated",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le"
],
"known_not_affected": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-20329"
},
{
"category": "external",
"summary": "RHBZ#1971033",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1971033"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-20329",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20329"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-20329",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20329"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-f6mq-5m25-4r72",
"url": "https://github.com/advisories/GHSA-f6mq-5m25-4r72"
},
{
"category": "external",
"summary": "https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1",
"url": "https://github.com/mongodb/mongo-go-driver/releases/tag/v1.5.1"
}
],
"release_date": "2021-03-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T20:55:50+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3645"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mongo-go-driver: specific cstrings input may not be properly validated"
},
{
"cve": "CVE-2021-43138",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-09-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126276"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the async package. This flaw allows a malicious user to obtain privileges via the mapValues() method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "async: Prototype Pollution in async",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le"
],
"known_not_affected": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-43138"
},
{
"category": "external",
"summary": "RHBZ#2126276",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126276"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-43138",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43138"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25",
"url": "https://github.com/advisories/GHSA-fwr7-v2mv-hh25"
}
],
"release_date": "2022-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T20:55:50+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3645"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "async: Prototype Pollution in async"
},
{
"cve": "CVE-2022-24999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-12-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150323"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: \"qs\" prototype poisoning causes the hang of the node process",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le"
],
"known_not_affected": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24999"
},
{
"category": "external",
"summary": "RHBZ#2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/releases/tag/4.17.3",
"url": "https://github.com/expressjs/express/releases/tag/4.17.3"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/pull/428",
"url": "https://github.com/ljharb/qs/pull/428"
},
{
"category": "external",
"summary": "https://github.com/n8tz/CVE-2022-24999",
"url": "https://github.com/n8tz/CVE-2022-24999"
}
],
"release_date": "2022-11-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T20:55:50+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3645"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: \"qs\" prototype poisoning causes the hang of the node process"
},
{
"cve": "CVE-2022-25858",
"discovery_date": "2022-09-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2126277"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the terser package. Affected versions of this package are vulnerable to Regular expression denial of service (ReDoS) attacks, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "terser: insecure use of regular expressions leads to ReDoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Do (odo) product terser is shipped only for using in static page generators for upstream, thus this represents no security risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le"
],
"known_not_affected": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25858"
},
{
"category": "external",
"summary": "RHBZ#2126277",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2126277"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25858"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25858",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25858"
}
],
"release_date": "2022-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-06-15T20:55:50+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:3645"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce1247898969a1865d5d7eb865f659131d6dc58e78aecfc31c59615dc21dd48e_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:ce4f38fd64e2e1944e037097b3af9d5b8645f7fc5856b74cba00f94a1a60471f_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/grafana-rhel8@sha256:f496643a0600a632a3ce216d67634cff9e6174aeb4d113743fd0443a40b535d9_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:3f410cd41ea91e0014d1cf8d7f3decb3bf0e3db5e9aa2612480a76f6797aa3b5_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:47720497b1bb8ee24993260359294eeeafdd888c71ccca6cb12d526e5c3a4a13_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-cni-rhel8@sha256:8abbc8a247ff6de3e5b212e6a2b0203600555e1f3f0c8599aaf19c9cdda59abb_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:a2de7f954c0878842b5e214d809382c7d0428b8d3ed22fa1516e49ec583d7790_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:bbd215d60e43f719ac81025128f30002bb11f1d29fa874f3b8b1ce61a9269628_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/istio-must-gather-rhel8@sha256:c6cda704d37ed2d233ec225578cb8021429a64d77649c26672c876569a0696b6_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:351d18f13943b57b5599dc4c2af9970a6add2fbf2cd702f64128e156e4e8a991_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:bee9a86adcd6974536fa31d054a880238a720b8bfcd7efc5d656a0ddd5111d06_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/kiali-rhel8@sha256:eebc6514999806d2726fea70bd7f4979dd71a7b2f2aa220ead6b5a838a0ffbdf_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:7b59f76549db37ee09757d79692c52abf1c01baea84fbc98ce5aabc530232f45_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:a4b7ddd16863e41a6642fc52c566d94069732afafdcbd761385be1e4e04c8521_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/pilot-rhel8@sha256:bc137efedf8eaf278f508b7f652e7db96f3dcfbb1b685e5a9359680c77b1838a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:2371e4effbf6a4846599729701de09a5613a2df29fee9858b0526470d63a5eb7_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:a2e263be450ab7c304d5b9a79d13e8f65a2b82d259034fc34b8f69cfa8029601_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/prometheus-rhel8@sha256:f5d874b252b5fa89e85db384b81096cd84fbfafc593532bb6ea0175f680115c7_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:4ffd0acfd05fa5cab68372121f34901adcef3f94d9c38beee8559f9ad8a0fd5a_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:8c3838d96559d417f8986703803843e77732d399d911097488a554b037e2e446_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/proxyv2-rhel8@sha256:99e0a7f2861823dbd94ed53294a255aab2f710cc0c932dca84ae0681494e029b_amd64",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:0f35f2a716c4a04873d6dfad61f0d8fc262f2190609cd1cc5578da48cd9d0f4d_ppc64le",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:19821b7b74ed96b78f3322c1b770053c532c27b11b66978731ab4aa257991e81_s390x",
"8Base-RHOSSM-2.2:openshift-service-mesh/ratelimit-rhel8@sha256:8918686da37dad102867ad55788b2b0f7d750cf137b76a4ca51e244367de6375_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "terser: insecure use of regular expressions leads to ReDoS"
}
]
}
WID-SEC-W-2023-0398
Vulnerability from csaf_certbund - Published: 2023-02-15 23:00 - Updated: 2023-03-22 23:00Summary
Red Hat Advanced Cluster Management for Kubernetes: Schwachstelle ermöglicht Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle im Red Hat Advanced Cluster Management for Kubernetes ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
Es existiert eine Schwachstelle in Red Hat Enterprise Linux bezüglich des Advanced Cluster Management for Kubernetes. In der Komponente "qs" besteht die Anfälligkeit für eine Prototype-Pollution, die zum Absturz des "Node"-Prozesses führen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuführen.
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat OpenShift 5 Logging Subsystem
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:5::logging_subsystem
|
— | |
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
— | |
|
Red Hat OpenShift Logging Subsystem 5.6.3
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:5.6.3::logging_subsystem
|
— |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle im Red Hat Advanced Cluster Management for Kubernetes ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0398 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0398.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0398 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0398"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:1428 vom 2023-03-23",
"url": "https://access.redhat.com/errata/RHSA-2023:1428"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0930 vom 2023-03-09",
"url": "https://access.redhat.com/errata/RHSA-2023:0930"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0932 vom 2023-03-09",
"url": "https://access.redhat.com/errata/RHSA-2023:0932"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2023:0934 vom 2023-02-28",
"url": "https://access.redhat.com/errata/RHSA-2023:0934"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2023-02-15",
"url": "https://access.redhat.com/errata/RHSA-2023:0794"
}
],
"source_lang": "en-US",
"title": "Red Hat Advanced Cluster Management for Kubernetes: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2023-03-22T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:43:51.520+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0398",
"initial_release_date": "2023-02-15T23:00:00.000+00:00",
"revision_history": [
{
"date": "2023-02-15T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-02-27T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-08T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2023-03-22T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux 8",
"product": {
"name": "Red Hat Enterprise Linux 8",
"product_id": "T014111",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift 5 Logging Subsystem",
"product": {
"name": "Red Hat OpenShift 5 Logging Subsystem",
"product_id": "T026681",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:5::logging_subsystem"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift Logging Subsystem 5.6.3",
"product": {
"name": "Red Hat OpenShift Logging Subsystem 5.6.3",
"product_id": "T026683",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:5.6.3::logging_subsystem"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24999",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat Enterprise Linux bez\u00fcglich des Advanced Cluster Management for Kubernetes. In der Komponente \"qs\" besteht die Anf\u00e4lligkeit f\u00fcr eine Prototype-Pollution, die zum Absturz des \"Node\"-Prozesses f\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T026681",
"67646",
"T014111",
"T026683"
]
},
"release_date": "2023-02-15T23:00:00.000+00:00",
"title": "CVE-2022-24999"
}
]
}
WID-SEC-W-2023-0809
Vulnerability from csaf_certbund - Published: 2023-03-30 22:00 - Updated: 2024-02-19 23:00Summary
IBM QRadar SIEM: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Betroffene Betriebssysteme: - Linux
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen oder unbekannte Auswirkungen zu verursachen.
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM QRadar SIEM 7.5
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.5
|
7.5 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0809 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0809.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0809 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0809"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6967283 vom 2023-03-30",
"url": "https://www.ibm.com/support/pages/node/6967283"
},
{
"category": "external",
"summary": "IBM Security Bulletin: 6967333 vom 2023-03-30",
"url": "https://www.ibm.com/support/pages/node/6967333"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6980799 vom 2023-04-04",
"url": "https://www.ibm.com/support/pages/node/6980799"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7108657 vom 2024-01-17",
"url": "https://www.ibm.com/support/pages/node/7108657"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-5ECC250449 vom 2024-02-19",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-5ecc250449"
}
],
"source_lang": "en-US",
"title": "IBM QRadar SIEM: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-02-19T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:47:38.606+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-0809",
"initial_release_date": "2023-03-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-03-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-04-04T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-01-16T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-02-19T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Fedora aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.5",
"product": {
"name": "IBM QRadar SIEM 7.5",
"product_id": "T022954",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003c User Behavior Analytics 4.1.11",
"product": {
"name": "IBM QRadar SIEM \u003c User Behavior Analytics 4.1.11",
"product_id": "T027026"
}
},
{
"category": "product_version_range",
"name": "\u003c 7.4.3 FP9",
"product": {
"name": "IBM QRadar SIEM \u003c 7.4.3 FP9",
"product_id": "T027027"
}
},
{
"category": "product_version_range",
"name": "\u003c 7.5.0 UP5",
"product": {
"name": "IBM QRadar SIEM \u003c 7.5.0 UP5",
"product_id": "T027028"
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-22809",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2023-22809"
},
{
"cve": "CVE-2022-4883",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-4883"
},
{
"cve": "CVE-2022-46364",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-46364"
},
{
"cve": "CVE-2022-46363",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-46363"
},
{
"cve": "CVE-2022-45143",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-45143"
},
{
"cve": "CVE-2022-42890",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-42890"
},
{
"cve": "CVE-2022-4254",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-4254"
},
{
"cve": "CVE-2022-42252",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-42252"
},
{
"cve": "CVE-2022-41966",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-41966"
},
{
"cve": "CVE-2022-41946",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-41946"
},
{
"cve": "CVE-2022-41704",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-41704"
},
{
"cve": "CVE-2022-40156",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-40156"
},
{
"cve": "CVE-2022-40155",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-40155"
},
{
"cve": "CVE-2022-40154",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-40154"
},
{
"cve": "CVE-2022-40153",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-40153"
},
{
"cve": "CVE-2022-40152",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-40152"
},
{
"cve": "CVE-2022-40150",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-40150"
},
{
"cve": "CVE-2022-40149",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-40149"
},
{
"cve": "CVE-2022-37603",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-37603"
},
{
"cve": "CVE-2022-37601",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-37601"
},
{
"cve": "CVE-2022-37599",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-37599"
},
{
"cve": "CVE-2022-37598",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-37598"
},
{
"cve": "CVE-2022-3676",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-3676"
},
{
"cve": "CVE-2022-36364",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-36364"
},
{
"cve": "CVE-2022-36033",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-36033"
},
{
"cve": "CVE-2022-34917",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-34917"
},
{
"cve": "CVE-2022-31197",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-31197"
},
{
"cve": "CVE-2022-31129",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-31129"
},
{
"cve": "CVE-2022-2964",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-2964"
},
{
"cve": "CVE-2022-28733",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-28733"
},
{
"cve": "CVE-2022-2795",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-2795"
},
{
"cve": "CVE-2022-25927",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-25927"
},
{
"cve": "CVE-2022-25901",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-25901"
},
{
"cve": "CVE-2022-25758",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-25758"
},
{
"cve": "CVE-2022-25647",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-25647"
},
{
"cve": "CVE-2022-24999",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-24999"
},
{
"cve": "CVE-2022-24839",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-24839"
},
{
"cve": "CVE-2022-24823",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-24823"
},
{
"cve": "CVE-2022-24785",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-24785"
},
{
"cve": "CVE-2022-23437",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-23437"
},
{
"cve": "CVE-2022-22971",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-22971"
},
{
"cve": "CVE-2022-22970",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-22970"
},
{
"cve": "CVE-2022-21724",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-21724"
},
{
"cve": "CVE-2022-21628",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-21628"
},
{
"cve": "CVE-2022-21626",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-21626"
},
{
"cve": "CVE-2022-21624",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-21624"
},
{
"cve": "CVE-2022-21619",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2022-21619"
},
{
"cve": "CVE-2021-43797",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-43797"
},
{
"cve": "CVE-2021-42740",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-42740"
},
{
"cve": "CVE-2021-42581",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-42581"
},
{
"cve": "CVE-2021-39227",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-39227"
},
{
"cve": "CVE-2021-3918",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-3918"
},
{
"cve": "CVE-2021-3807",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-3807"
},
{
"cve": "CVE-2021-37713",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-37713"
},
{
"cve": "CVE-2021-37712",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-37712"
},
{
"cve": "CVE-2021-37701",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-37701"
},
{
"cve": "CVE-2021-3765",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-3765"
},
{
"cve": "CVE-2021-37137",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-37137"
},
{
"cve": "CVE-2021-37136",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-37136"
},
{
"cve": "CVE-2021-32804",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-32804"
},
{
"cve": "CVE-2021-32803",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-32803"
},
{
"cve": "CVE-2021-29060",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-29060"
},
{
"cve": "CVE-2021-26401",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-26401"
},
{
"cve": "CVE-2021-25220",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-25220"
},
{
"cve": "CVE-2021-23450",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-23450"
},
{
"cve": "CVE-2021-23382",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-23382"
},
{
"cve": "CVE-2021-23368",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-23368"
},
{
"cve": "CVE-2021-23364",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-23364"
},
{
"cve": "CVE-2021-23362",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-23362"
},
{
"cve": "CVE-2021-23343",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-23343"
},
{
"cve": "CVE-2021-21409",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-21409"
},
{
"cve": "CVE-2021-21295",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-21295"
},
{
"cve": "CVE-2021-21290",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2021-21290"
},
{
"cve": "CVE-2020-7764",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2020-7764"
},
{
"cve": "CVE-2020-5259",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2020-5259"
},
{
"cve": "CVE-2020-24025",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2020-24025"
},
{
"cve": "CVE-2020-15366",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2020-15366"
},
{
"cve": "CVE-2020-13936",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2020-13936"
},
{
"cve": "CVE-2019-6286",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2019-6286"
},
{
"cve": "CVE-2019-6284",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2019-6284"
},
{
"cve": "CVE-2019-6283",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2019-6283"
},
{
"cve": "CVE-2019-10785",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2019-10785"
},
{
"cve": "CVE-2018-8036",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2018-8036"
},
{
"cve": "CVE-2018-20821",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2018-20821"
},
{
"cve": "CVE-2018-20190",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2018-20190"
},
{
"cve": "CVE-2018-19839",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2018-19839"
},
{
"cve": "CVE-2018-19838",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2018-19838"
},
{
"cve": "CVE-2018-19827",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2018-19827"
},
{
"cve": "CVE-2018-19797",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2018-19797"
},
{
"cve": "CVE-2018-15494",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2018-15494"
},
{
"cve": "CVE-2018-11698",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2018-11698"
},
{
"cve": "CVE-2018-11694",
"notes": [
{
"category": "description",
"text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Software-Komponenten von QRadar. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, Informationen falsch darzustellen, einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren oder unbekannte Auswirkungen zu verursachen."
}
],
"product_status": {
"known_affected": [
"T022954",
"74185"
]
},
"release_date": "2023-03-30T22:00:00.000+00:00",
"title": "CVE-2018-11694"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…