Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-21536 (GCVE-0-2024-21536)
Vulnerability from cvelistv5 – Published: 2024-10-19 05:00 – Updated: 2024-10-21 16:31
VLAI
EPSS
Summary
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
Severity
CWE
- CWE-400 - Denial of Service (DoS)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | http-proxy-middleware |
Affected:
0 , < 2.0.7
(semver)
Affected: 3.0.0 , < 3.0.3 (semver) |
Credits
Marc Hassan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "http-proxy-middleware",
"vendor": "chimurai",
"versions": [
{
"lessThan": "2.0.7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "3.0.3",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21536",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T15:20:45.568615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T16:31:29.125Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "http-proxy-middleware",
"vendor": "n/a",
"versions": [
{
"lessThan": "2.0.7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "3.0.3",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Marc Hassan"
}
],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Denial of Service (DoS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T11:22:36.064Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"
},
{
"url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a"
},
{
"url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22"
},
{
"url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2024-21536",
"datePublished": "2024-10-19T05:00:04.056Z",
"dateReserved": "2023-12-22T12:33:20.123Z",
"dateUpdated": "2024-10-21T16:31:29.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-21536",
"date": "2026-05-30",
"epss": "0.00364",
"percentile": "0.58702"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-21536\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2024-10-19T05:15:13.097\",\"lastModified\":\"2024-11-01T18:03:15.897\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.\"},{\"lang\":\"es\",\"value\":\"Las versiones del paquete http-proxy-middleware anteriores a la 2.0.7, a la 3.0.0 y a la 3.0.3 es vulnerable a un ataque de denegaci\u00f3n de servicio (DoS) debido a un error UnhandledPromiseRejection generado por micromatch. Un atacante podr\u00eda matar el proceso Node.js y bloquear el servidor al realizar solicitudes a determinadas rutas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.7\",\"matchCriteriaId\":\"A1C31D2C-0CB7-4D28-8658-42632A65F7F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.0.3\",\"matchCriteriaId\":\"A89EB4F5-1978-4172-A52D-8504F87E110E\"}]}]}],\"references\":[{\"url\":\"https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906\",\"source\":\"report@snyk.io\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-21536\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-21T15:20:45.568615Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*\"], \"vendor\": \"chimurai\", \"product\": \"http-proxy-middleware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.0.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.0.3\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-21T15:47:24.380Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Marc Hassan\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"http-proxy-middleware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.0.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"3.0.0\", \"lessThan\": \"3.0.3\", \"versionType\": \"semver\"}]}], \"references\": [{\"url\": \"https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906\"}, {\"url\": \"https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a\"}, {\"url\": \"https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22\"}, {\"url\": \"https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"cweId\": \"CWE-400\", \"description\": \"Denial of Service (DoS)\"}]}], \"providerMetadata\": {\"orgId\": \"bae035ff-b466-4ff4-94d0-fc9efd9e1730\", \"shortName\": \"snyk\", \"dateUpdated\": \"2024-10-21T11:22:36.064Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-21536\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-21T16:31:29.125Z\", \"dateReserved\": \"2023-12-22T12:33:20.123Z\", \"assignerOrgId\": \"bae035ff-b466-4ff4-94d0-fc9efd9e1730\", \"datePublished\": \"2024-10-19T05:00:04.056Z\", \"assignerShortName\": \"snyk\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2024-AVI-1081
Vulnerability from certfr_avis - Published: 2024-12-13 - Updated: 2024-12-13
De multiples vulnérabilités ont été découvertes dans les produits IBM.Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar Suite Software | QRadar Suite Software versions antérieures à 1.11.0.0 | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP10 IF02 | ||
| IBM | Cognos Dashboards | Cognos Dashboards on Cloud Pak for Data versions 4.8.x à 5.0.x antérieures à 5.1 | ||
| IBM | QRadar Incident Forensics | QRadar Incident Forensics 7.5.x antérieures à 7.5.0 UP10 IF02 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Suite Software versions ant\u00e9rieures \u00e0 1.11.0.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP10 IF02",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions 4.8.x \u00e0 5.0.x ant\u00e9rieures \u00e0 5.1",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Incident Forensics 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP10 IF02",
"product": {
"name": "QRadar Incident Forensics",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-42459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
},
{
"name": "CVE-2024-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
},
{
"name": "CVE-2024-7006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7006"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2023-31582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31582"
},
{
"name": "CVE-2023-23613",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23613"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2024-42460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-38998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38998"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-45491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-41917",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41917"
},
{
"name": "CVE-2024-48949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
},
{
"name": "CVE-2024-41755",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41755"
},
{
"name": "CVE-2023-48161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2024-38372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38372"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2023-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2024-38999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38999"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-38986",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38986"
},
{
"name": "CVE-2022-41915",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41915"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2024-52318",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52318"
},
{
"name": "CVE-2024-42461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
},
{
"name": "CVE-2023-33546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33546"
},
{
"name": "CVE-2024-41818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41818"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2024-52317",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52317"
},
{
"name": "CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"name": "CVE-2022-23491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
},
{
"name": "CVE-2024-51504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2024-52316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52316"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2023-23612",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23612"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
}
],
"initial_release_date": "2024-12-13T00:00:00",
"last_revision_date": "2024-12-13T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1081",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177766",
"url": "https://www.ibm.com/support/pages/node/7177766"
},
{
"published_at": "2024-12-09",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7178224",
"url": "https://www.ibm.com/support/pages/node/7178224"
},
{
"published_at": "2024-12-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7178556",
"url": "https://www.ibm.com/support/pages/node/7178556"
}
]
}
CERTFR-2025-AVI-0045
Vulnerability from certfr_avis - Published: 2025-01-17 - Updated: 2025-01-17
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar Log Source Management App | QRadar Log Source Management App versions antérieures à 7.0.11 | ||
| IBM | Db2 Query Management Facility | DB2 Query Management Facility versions 13.1.1 et 13.1.2 sans la dernière version du JRE |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar Log Source Management App versions ant\u00e9rieures \u00e0 7.0.11",
"product": {
"name": "QRadar Log Source Management App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Query Management Facility versions 13.1.1 et 13.1.2 sans la derni\u00e8re version du JRE",
"product": {
"name": "Db2 Query Management Facility",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-42459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42459"
},
{
"name": "CVE-2024-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-42460",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42460"
},
{
"name": "CVE-2024-22361",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22361"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2024-33883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2024-48949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2024-47068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47068"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2024-42461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42461"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
}
],
"initial_release_date": "2025-01-17T00:00:00",
"last_revision_date": "2025-01-17T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0045",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180895",
"url": "https://www.ibm.com/support/pages/node/7180895"
},
{
"published_at": "2025-01-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180894",
"url": "https://www.ibm.com/support/pages/node/7180894"
},
{
"published_at": "2025-01-10",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7180725",
"url": "https://www.ibm.com/support/pages/node/7180725"
}
]
}
CERTFR-2025-AVI-0170
Vulnerability from certfr_avis - Published: 2025-02-28 - Updated: 2025-02-28
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 12.2.4 IF4 | ||
| IBM | QRadar | QRadar Data Synchronization versions antérieures à 3.2.1 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 iFix 02 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.0.x sans le correctif de sécurité temporaire PH16353 ou antérieures à 9.0.5.2 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.x antérieures à 6.1.0.2 iFix 02 | ||
| IBM | Cognos Dashboards | Cognos Dashboards on Cloud Pak for Data versions 4.x sans le dernier correctif de sécurité | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 IF2 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.0.x antérieures à 6.0.3.1 iFix 02 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.2.x antérieures à 6.2.0.1 iFix 01 | ||
| IBM | Cognos Dashboards | Cognos Dashboards on Cloud Pak for Data versions 5.x antérieures à 5.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 12.2.4 IF4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Data Synchronization versions ant\u00e9rieures \u00e0 3.2.1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 iFix 02",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.x sans le correctif de s\u00e9curit\u00e9 temporaire PH16353 ou ant\u00e9rieures \u00e0 9.0.5.2",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.2 iFix 02",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions 4.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 IF2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 iFix 02",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.1 iFix 01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Dashboards on Cloud Pak for Data versions 5.x ant\u00e9rieures \u00e0 5.1",
"product": {
"name": "Cognos Dashboards",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2023-35946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35946"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2015-7450",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7450"
},
{
"name": "CVE-2022-48554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
},
{
"name": "CVE-2018-19797",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19797"
},
{
"name": "CVE-2023-28523",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28523"
},
{
"name": "CVE-2021-27290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2023-31124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31124"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2023-23936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
},
{
"name": "CVE-2018-19827",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19827"
},
{
"name": "CVE-2018-11694",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11694"
},
{
"name": "CVE-2024-39331",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39331"
},
{
"name": "CVE-2022-4904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2024-30205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30205"
},
{
"name": "CVE-2024-40094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40094"
},
{
"name": "CVE-2023-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
},
{
"name": "CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-30203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30203"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2021-35065",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2023-31147",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31147"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2024-56340",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56340"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2024-45216",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45216"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-28527",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28527"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2019-6286",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6286"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2018-19839",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19839"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-45217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45217"
},
{
"name": "CVE-2024-38999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38999"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2018-20821",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20821"
},
{
"name": "CVE-2019-6283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6283"
},
{
"name": "CVE-2023-35947",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35947"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2023-23919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2024-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30204"
},
{
"name": "CVE-2018-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20190"
},
{
"name": "CVE-2023-28526",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28526"
},
{
"name": "CVE-2023-28155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28155"
},
{
"name": "CVE-2018-11698",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11698"
},
{
"name": "CVE-2025-0823",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0823"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2023-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
}
],
"initial_release_date": "2025-02-28T00:00:00",
"last_revision_date": "2025-02-28T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0170",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-02-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7183676",
"url": "https://www.ibm.com/support/pages/node/7183676"
},
{
"published_at": "2019-11-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 1107105",
"url": "https://www.ibm.com/support/pages/node/1107105"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184475",
"url": "https://www.ibm.com/support/pages/node/7184475"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184474",
"url": "https://www.ibm.com/support/pages/node/7184474"
},
{
"published_at": "2025-02-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184092",
"url": "https://www.ibm.com/support/pages/node/7184092"
},
{
"published_at": "2025-02-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184217",
"url": "https://www.ibm.com/support/pages/node/7184217"
},
{
"published_at": "2025-02-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7184476",
"url": "https://www.ibm.com/support/pages/node/7184476"
}
]
}
FKIE_CVE-2024-21536
Vulnerability from fkie_nvd - Published: 2024-10-19 05:15 - Updated: 2024-11-01 18:03
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| chimurai | http-proxy-middleware | * | |
| chimurai | http-proxy-middleware | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1C31D2C-0CB7-4D28-8658-42632A65F7F3",
"versionEndExcluding": "2.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A89EB4F5-1978-4172-A52D-8504F87E110E",
"versionEndExcluding": "3.0.3",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths."
},
{
"lang": "es",
"value": "Las versiones del paquete http-proxy-middleware anteriores a la 2.0.7, a la 3.0.0 y a la 3.0.3 es vulnerable a un ataque de denegaci\u00f3n de servicio (DoS) debido a un error UnhandledPromiseRejection generado por micromatch. Un atacante podr\u00eda matar el proceso Node.js y bloquear el servidor al realizar solicitudes a determinadas rutas."
}
],
"id": "CVE-2024-21536",
"lastModified": "2024-11-01T18:03:15.897",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "report@snyk.io",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-19T05:15:13.097",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a"
},
{
"source": "report@snyk.io",
"tags": [
"Patch"
],
"url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"
},
{
"source": "report@snyk.io",
"tags": [
"Patch"
],
"url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22"
},
{
"source": "report@snyk.io",
"tags": [
"Third Party Advisory"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "report@snyk.io",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-C7QV-Q95Q-8V27
Vulnerability from github – Published: 2024-10-19 06:30 – Updated: 2024-10-22 19:47
VLAI
Summary
Denial of service in http-proxy-middleware
Details
Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.
Severity
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "http-proxy-middleware"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "http-proxy-middleware"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-21536"
],
"database_specific": {
"cwe_ids": [
"CWE-400"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-22T19:47:41Z",
"nvd_published_at": "2024-10-19T05:15:13Z",
"severity": "HIGH"
},
"details": "Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.",
"id": "GHSA-c7qv-q95q-8v27",
"modified": "2024-10-22T19:47:41Z",
"published": "2024-10-19T06:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536"
},
{
"type": "WEB",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"
},
{
"type": "WEB",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22"
},
{
"type": "WEB",
"url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a"
},
{
"type": "PACKAGE",
"url": "https://github.com/chimurai/http-proxy-middleware"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Denial of service in http-proxy-middleware"
}
GSD-2024-21536
Vulnerability from gsd - Updated: 2023-12-23 06:02Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-21536"
],
"id": "GSD-2024-21536",
"modified": "2023-12-23T06:02:09.421580Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2024-21536",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
RHBA-2024:11265
Vulnerability from csaf_redhat - Published: 2024-12-17 15:12 - Updated: 2026-04-30 13:27Summary
Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.4.0 release.
Severity
Important
Notes
Topic: Red Hat Developer Hub 1.4 has been released.
Details: Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.
4.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64 | — |
Threats
Impact
Low
A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the backstage/plugin-catalog-backend package. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A directory traversal vulnerability was found in the backstage/plugin-techdocs-backend package. When using the AWS S3 or GCS storage provider for TechDocs, it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the backstage/plugin-techdocs-backend package. An attacker with control of the contents of the TechDocs storage buckets may be able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link.
5.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the backstage/plugin-app-backend package. Configurations supplied through APP_CONFIG_* environment variables unexpectedly ignore the visibility defined in the configuration schema, potentially exposing sensitive configuration details intended to remain private or restricted to backend processes.
5.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64 | — |
Workaround
|
Threats
Impact
Moderate
References
63 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.4 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2024:11265",
"url": "https://access.redhat.com/errata/RHBA-2024:11265"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-21536",
"url": "https://access.redhat.com/security/cve/CVE-2024-21536"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-21538",
"url": "https://access.redhat.com/security/cve/CVE-2024-21538"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45296",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45590",
"url": "https://access.redhat.com/security/cve/CVE-2024-45590"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45815",
"url": "https://access.redhat.com/security/cve/CVE-2024-45815"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45816",
"url": "https://access.redhat.com/security/cve/CVE-2024-45816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-46976",
"url": "https://access.redhat.com/security/cve/CVE-2024-46976"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-47762",
"url": "https://access.redhat.com/security/cve/CVE-2024-47762"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhba-2024_11265.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.4.0 release.",
"tracking": {
"current_release_date": "2026-04-30T13:27:48+00:00",
"generator": {
"date": "2026-04-30T13:27:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHBA-2024:11265",
"initial_release_date": "2024-12-17T15:12:17+00:00",
"revision_history": [
{
"date": "2024-12-17T15:12:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-12T21:34:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:27:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub (RHDH) 1.4",
"product": {
"name": "Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub (RHDH)"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.4-1734106454"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.4-1734106469"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3A2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.4-1734113472"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"relates_to_product_reference": "Red Hat Developer Hub (RHDH) 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"relates_to_product_reference": "Red Hat Developer Hub (RHDH) 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64",
"relates_to_product_reference": "Red Hat Developer Hub (RHDH) 1.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21536",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-10-19T06:00:36.846953+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2319884"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-proxy-middleware: Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21536"
},
{
"category": "external",
"summary": "RHBZ#2319884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536"
},
{
"category": "external",
"summary": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a",
"url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906",
"url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"
}
],
"release_date": "2024-10-19T05:00:04.056000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T15:12:17+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:11265"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have any mitigation recommendations at this time.",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-proxy-middleware: Denial of Service"
},
{
"cve": "CVE-2024-21538",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-11-08T13:44:29.182678+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2324550"
}
],
"notes": [
{
"category": "description",
"text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cross-spawn: regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21538"
},
{
"category": "external",
"summary": "RHBZ#2324550",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324550"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff",
"url": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f",
"url": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/pull/160",
"url": "https://github.com/moxystudio/node-cross-spawn/pull/160"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230",
"url": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230"
}
],
"release_date": "2024-11-08T05:00:04.695000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T15:12:17+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:11265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cross-spawn: regular expression denial of service"
},
{
"cve": "CVE-2024-45296",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-09T19:20:18.127723+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310908"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: Backtracking regular expressions cause ReDoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "RHBZ#2310908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
"url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
"url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
}
],
"release_date": "2024-09-09T19:15:13.330000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T15:12:17+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:11265"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: Backtracking regular expressions cause ReDoS"
},
{
"cve": "CVE-2024-45590",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2024-09-10T16:20:29.292154+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "body-parser: Denial of Service Vulnerability in body-parser",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45590"
},
{
"category": "external",
"summary": "RHBZ#2311171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
"url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
"url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
}
],
"release_date": "2024-09-10T16:15:21.083000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T15:12:17+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:11265"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "body-parser: Denial of Service Vulnerability in body-parser"
},
{
"cve": "CVE-2024-45815",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2024-09-17T21:20:06.780788+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312952"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the backstage/plugin-catalog-backend package. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin-catalog-backend: prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45815"
},
{
"category": "external",
"summary": "RHBZ#2312952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312952"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45815",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45815"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45815",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45815"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/security/advisories/GHSA-3x3f-jcp3-g22j",
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-3x3f-jcp3-g22j"
}
],
"release_date": "2024-09-17T21:15:12.320000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T15:12:17+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:11265"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin-catalog-backend: prototype pollution vulnerability"
},
{
"cve": "CVE-2024-45816",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2024-09-17T21:20:09.051855+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312953"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability was found in the backstage/plugin-techdocs-backend package. When using the AWS S3 or GCS storage provider for TechDocs, it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin-techdocs-backend: storage bucket directory traversal in TechDocs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45816"
},
{
"category": "external",
"summary": "RHBZ#2312953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312953"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45816"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/security/advisories/GHSA-39v3-f278-vj3g",
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-39v3-f278-vj3g"
}
],
"release_date": "2024-09-17T21:15:12.553000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T15:12:17+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:11265"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin-techdocs-backend: storage bucket directory traversal in TechDocs"
},
{
"cve": "CVE-2024-46976",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"discovery_date": "2024-09-17T21:20:11.815685+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312954"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the backstage/plugin-techdocs-backend package. An attacker with control of the contents of the TechDocs storage buckets may be able to inject executable scripts in the TechDocs content that will be executed in the victim\u0027s browser when browsing documentation or navigating to an attacker provided link.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin-techdocs-backend: circumvention of XSS protection in TechDocs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-46976"
},
{
"category": "external",
"summary": "RHBZ#2312954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312954"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-46976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-46976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46976"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/security/advisories/GHSA-5j94-f3mf-8685",
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-5j94-f3mf-8685"
}
],
"release_date": "2024-09-17T21:15:12.763000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T15:12:17+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:11265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin-techdocs-backend: circumvention of XSS protection in TechDocs"
},
{
"cve": "CVE-2024-47762",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2024-10-03T18:01:14.495619+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the backstage/plugin-app-backend package. Configurations supplied through APP_CONFIG_* environment variables unexpectedly ignore the visibility defined in the configuration schema, potentially exposing sensitive configuration details intended to remain private or restricted to backend processes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "backstage/plugin-app-backend: Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47762"
},
{
"category": "external",
"summary": "RHBZ#2316342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47762"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47762",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47762"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/commit/323e6129073c5cb4cc106a1239eaec31a129554f",
"url": "https://github.com/backstage/backstage/commit/323e6129073c5cb4cc106a1239eaec31a129554f"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/security/advisories/GHSA-qc4v-xq2m-65wc",
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-qc4v-xq2m-65wc"
}
],
"release_date": "2024-10-03T17:14:34.529000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T15:12:17+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:11265"
},
{
"category": "workaround",
"details": "Avoid supplying secrets using the APP_CONFIG_* configuration pattern. Consider alternative methods such as the environment variable substitution.\n\nSee this link for more information about environment variable substitution: https://backstage.io/docs/conf/writing/#environment-variable-substitution",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "backstage/plugin-app-backend: Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend"
}
]
}
RHBA-2024:9054
Vulnerability from csaf_redhat - Published: 2024-11-11 01:39 - Updated: 2026-04-30 13:27Summary
Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.3.1 bugfix release
Severity
Important
Notes
Topic: Red Hat Developer Hub 1.3.1 has been released.
Details: Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed,
customizable developer portal based on Backstage.io. RHDH is supported on
OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features
of RHDH include a single pane of glass, a centralized software catalog,
self-service via golden path templates, and Tech Docs. RHDH is extensible by
plugins.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Node.js WebSocket library (ws). A request with several headers exceeding the 'server.maxHeadersCount' threshold could be used to crash a ws server, leading to a denial of service.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64 | — |
Workaround
|
Threats
Impact
Important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.3.1 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed,\ncustomizable developer portal based on Backstage.io. RHDH is supported on\nOpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features\nof RHDH include a single pane of glass, a centralized software catalog,\nself-service via golden path templates, and Tech Docs. RHDH is extensible by\nplugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2024:9054",
"url": "https://access.redhat.com/errata/RHBA-2024:9054"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.3",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.3"
},
{
"category": "external",
"summary": "RHIDP-4343",
"url": "https://issues.redhat.com/browse/RHIDP-4343"
},
{
"category": "external",
"summary": "RHIDP-4344",
"url": "https://issues.redhat.com/browse/RHIDP-4344"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhba-2024_9054.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.3.1 bugfix release",
"tracking": {
"current_release_date": "2026-04-30T13:27:46+00:00",
"generator": {
"date": "2026-04-30T13:27:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHBA-2024:9054",
"initial_release_date": "2024-11-11T01:39:34+00:00",
"revision_history": [
{
"date": "2024-11-11T01:39:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-11T01:39:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:27:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.3 for RHEL 9",
"product": {
"name": "Red Hat Developer Hub 1.3 for RHEL 9",
"product_id": "9Base-RHDH-1.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"product": {
"name": "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"product_id": "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-hub-rhel9\u0026tag=1.3-124"
}
}
},
{
"category": "product_version",
"name": "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"product": {
"name": "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"product_id": "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-operator-bundle\u0026tag=1.3-118"
}
}
},
{
"category": "product_version",
"name": "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64",
"product": {
"name": "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64",
"product_id": "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-rhel9-operator\u0026tag=1.3-119"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64 as a component of Red Hat Developer Hub 1.3 for RHEL 9",
"product_id": "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64"
},
"product_reference": "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"relates_to_product_reference": "9Base-RHDH-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64 as a component of Red Hat Developer Hub 1.3 for RHEL 9",
"product_id": "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64"
},
"product_reference": "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"relates_to_product_reference": "9Base-RHDH-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64 as a component of Red Hat Developer Hub 1.3 for RHEL 9",
"product_id": "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
},
"product_reference": "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64",
"relates_to_product_reference": "9Base-RHDH-1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21536",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-10-19T06:00:36.846953+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2319884"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-proxy-middleware: Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64"
],
"known_not_affected": [
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21536"
},
{
"category": "external",
"summary": "RHBZ#2319884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536"
},
{
"category": "external",
"summary": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a",
"url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906",
"url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"
}
],
"release_date": "2024-10-19T05:00:04.056000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-11T01:39:34+00:00",
"details": "To install the Red Hat Developer Hub 1.3, follow the instructions linked from the References section.",
"product_ids": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:9054"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have any mitigation recommendations at this time.",
"product_ids": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-proxy-middleware: Denial of Service"
},
{
"cve": "CVE-2024-37890",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-06-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2292777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js WebSocket library (ws). A request with several headers exceeding the \u0027server.maxHeadersCount\u0027 threshold could be used to crash a ws server, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-ws: denial of service when handling a request with many HTTP headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64"
],
"known_not_affected": [
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-37890"
},
{
"category": "external",
"summary": "RHBZ#2292777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-37890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37890"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q"
}
],
"release_date": "2024-06-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-11T01:39:34+00:00",
"details": "To install the Red Hat Developer Hub 1.3, follow the instructions linked from the References section.",
"product_ids": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:9054"
},
{
"category": "workaround",
"details": "The issue can be mitigated by reducing the maximum allowed length of the request headers using the --max-http-header-size=size or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. The issue can be mitigated also by seting server.maxHeadersCount to 0.",
"product_ids": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-ws: denial of service when handling a request with many HTTP headers"
},
{
"cve": "CVE-2024-45590",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2024-09-10T16:20:29.292154+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "body-parser: Denial of Service Vulnerability in body-parser",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64"
],
"known_not_affected": [
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45590"
},
{
"category": "external",
"summary": "RHBZ#2311171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
"url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
"url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
}
],
"release_date": "2024-09-10T16:15:21.083000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-11T01:39:34+00:00",
"details": "To install the Red Hat Developer Hub 1.3, follow the instructions linked from the References section.",
"product_ids": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:9054"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "body-parser: Denial of Service Vulnerability in body-parser"
}
]
}
RHSA-2024:10917
Vulnerability from csaf_redhat - Published: 2024-12-10 11:04 - Updated: 2026-04-30 16:28Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release
Severity
Important
Notes
Topic: A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released
Details: Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.
5.0 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.
5.0 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().
5.0 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in ViteJS. `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists, which can allow an attacker to access arbitrary files via the browser.
4.8 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A DOM clobbering vulnerability was found in ViteJS. This may lead to cross-site scripting (XSS) attacks on websites that include Vite-bundled files configured with an output format of cjs, iife, or umd, and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes.
6.4 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` such as `import.meta.url` in the `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements are present, for example, an `img` tag with an unsanitized `name` attribute.
6.4 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
References
81 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:10917",
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger",
"url": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-21536",
"url": "https://access.redhat.com/security/cve/CVE-2024-21536"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-43796",
"url": "https://access.redhat.com/security/cve/CVE-2024-43796"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-43799",
"url": "https://access.redhat.com/security/cve/CVE-2024-43799"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-43800",
"url": "https://access.redhat.com/security/cve/CVE-2024-43800"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45296",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45590",
"url": "https://access.redhat.com/security/cve/CVE-2024-45590"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45811",
"url": "https://access.redhat.com/security/cve/CVE-2024-45811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45812",
"url": "https://access.redhat.com/security/cve/CVE-2024-45812"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-47068",
"url": "https://access.redhat.com/security/cve/CVE-2024-47068"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10917.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release",
"tracking": {
"current_release_date": "2026-04-30T16:28:52+00:00",
"generator": {
"date": "2026-04-30T16:28:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2024:10917",
"initial_release_date": "2024-12-10T11:04:35+00:00",
"revision_history": [
{
"date": "2024-12-10T11:04:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-03-25T20:51:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T16:28:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 3.4",
"product": {
"name": "Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-operator-bundle@sha256%3Ae65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Afdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Abf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3A121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3A648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Aaebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Af2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3A4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3A59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Ab7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Af454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Ac322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Af6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3A56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Af5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3A01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3A7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21536",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-10-19T06:00:36.846953+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2319884"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-proxy-middleware: Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21536"
},
{
"category": "external",
"summary": "RHBZ#2319884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536"
},
{
"category": "external",
"summary": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a",
"url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906",
"url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"
}
],
"release_date": "2024-10-19T05:00:04.056000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-10T11:04:35+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have any mitigation recommendations at this time.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-proxy-middleware: Denial of Service"
},
{
"cve": "CVE-2024-43796",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:28.106254+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311152"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: Improper Input Handling in Express Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43796"
},
{
"category": "external",
"summary": "RHBZ#2311152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553",
"url": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx",
"url": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx"
}
],
"release_date": "2024-09-10T15:15:17.510000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-10T11:04:35+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: Improper Input Handling in Express Redirects"
},
{
"cve": "CVE-2024-43799",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:30.869487+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311153"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "send: Code Execution Vulnerability in Send Library",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43799"
},
{
"category": "external",
"summary": "RHBZ#2311153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35",
"url": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg",
"url": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg"
}
],
"release_date": "2024-09-10T15:15:17.727000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-10T11:04:35+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "send: Code Execution Vulnerability in Send Library"
},
{
"cve": "CVE-2024-43800",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:33.631718+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "serve-static: Improper Sanitization in serve-static",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "rhdh-hub-container 1.2 and 1.3 have included patches for this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43800"
},
{
"category": "external",
"summary": "RHBZ#2311154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b",
"url": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa",
"url": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p",
"url": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p"
}
],
"release_date": "2024-09-10T15:15:17.937000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-10T11:04:35+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "serve-static: Improper Sanitization in serve-static"
},
{
"cve": "CVE-2024-45296",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-09T19:20:18.127723+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310908"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: Backtracking regular expressions cause ReDoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "RHBZ#2310908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
"url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
"url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
}
],
"release_date": "2024-09-09T19:15:13.330000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-10T11:04:35+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: Backtracking regular expressions cause ReDoS"
},
{
"cve": "CVE-2024-45590",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2024-09-10T16:20:29.292154+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "body-parser: Denial of Service Vulnerability in body-parser",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45590"
},
{
"category": "external",
"summary": "RHBZ#2311171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
"url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
"url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
}
],
"release_date": "2024-09-10T16:15:21.083000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-10T11:04:35+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "body-parser: Denial of Service Vulnerability in body-parser"
},
{
"cve": "CVE-2024-45811",
"cwe": {
"id": "CWE-41",
"name": "Improper Resolution of Path Equivalence"
},
"discovery_date": "2024-09-17T20:00:49.944925+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312930"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ViteJS. `@fs` denies access to files outside of Vite serving allow list. Adding `?import\u0026raw` to the URL bypasses this limitation and returns the file content if it exists, which can allow an attacker to access arbitrary files via the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vite: server.fs.deny is bypassed when using `?import\u0026raw`",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as moderate rather than high severity because it requires specific conditions for exploitation. The attacker must have access to the Vite server, which typically runs in a local development environment rather than in production. Additionally, the bypass allows file access only if the file path is already known or predictable, limiting the attacker\u0027s ability to arbitrarily explore the file system. While it exposes file content outside the Vite serving allow list, the scope of access is constrained, and the impact can be mitigated by proper server configurations and deployment practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45811"
},
{
"category": "external",
"summary": "RHBZ#2312930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312930"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45811",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45811"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite",
"url": "https://github.com/vitejs/vite"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249",
"url": "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34",
"url": "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd",
"url": "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6",
"url": "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7",
"url": "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx",
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx"
}
],
"release_date": "2024-09-17T18:44:12+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-10T11:04:35+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vite: server.fs.deny is bypassed when using `?import\u0026raw`"
},
{
"cve": "CVE-2024-45812",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-17T20:20:07.064245+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312935"
}
],
"notes": [
{
"category": "description",
"text": "A DOM clobbering vulnerability was found in ViteJS. This may lead to cross-site scripting (XSS) attacks on websites that include Vite-bundled files configured with an output format of cjs, iife, or umd, and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vite: XSS via DOM Clobbering gadget found in vite bundled scripts",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is classified as moderate severity rather than important due to the specific conditions required to exploit the vulnerability. While DOM Clobbering can lead to Cross-Site Scripting (XSS), the attack surface is relatively limited. Exploitation is contingent on the presence of unsanitized user-supplied HTML with certain scriptless attributes (`name`, `id`) and the use of particular Vite build outputs (`cjs`, `iife`, `umd`). In environments following proper input sanitization practices, the risk is significantly mitigated. Moreover, the vulnerability does not enable direct code injection or compromise by default but rather leverages existing script elements, reducing the likelihood of widespread exploitation compared to higher severity issues.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45812"
},
{
"category": "external",
"summary": "RHBZ#2312935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45812"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45812",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45812"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad",
"url": "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3",
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986",
"url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986"
},
{
"category": "external",
"summary": "https://research.securitum.com/xss-in-amp4email-dom-clobbering",
"url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering"
},
{
"category": "external",
"summary": "https://scnps.co/papers/sp23_domclob.pdf",
"url": "https://scnps.co/papers/sp23_domclob.pdf"
}
],
"release_date": "2024-09-17T20:15:06.037000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-10T11:04:35+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vite: XSS via DOM Clobbering gadget found in vite bundled scripts"
},
{
"cve": "CVE-2024-47068",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-23T16:20:20.383320+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314249"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` such as `import.meta.url` in the `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements are present, for example, an `img` tag with an unsanitized `name` attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as moderate severity rather than important because it requires a specific and relatively uncommon attack vector to exploit\u2014namely, attacker-controlled scriptless HTML elements, such as an unsanitized name attribute in an img tag, which are typically less prevalent in well-maintained web applications. Additionally, the impact is limited to scenarios where import.meta is improperly handled in specific module formats (`cjs`, `umd`, `iife`), and the vulnerability can only lead to cross-site scripting (XSS) under specific conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47068"
},
{
"category": "external",
"summary": "RHBZ#2314249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314249"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47068"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47068",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47068"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162",
"url": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185",
"url": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4",
"url": "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541",
"url": "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm",
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm"
}
],
"release_date": "2024-09-23T16:15:06.947000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-10T11:04:35+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10917"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:05b0c8b5f7717aa00aecf8415c5a79aaae45fdd921f16b9b717b715abdf3d86b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:204972905b60ab8957c9bdc79a68be864b7b1e4e946c557fe3529124ad987abc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:6d56211c0cc55af6cf64b0dcb27a733994febfbf24457bb14d658db98b4dcb90_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:7b0708b8375d637c822a10733cd97fdddfd6ed1717dd83a37b50f43f28a71444_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:10857fa228035950b7ee78de526d99f4353b0bdf6f67e8412baa93d7bb8455fc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:3a9c36576f625c796e193b7f457c05adfb2bf7fe27a4a20c8dc3239d7d7d749b_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:7db951f4309125ffaf31b315dcbfaaf2a94e33e0bad34a6a98dcdf7b9b5ae76a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7643356dd52ad18bea1b817b192708735794f5536bf86903f7721b07095d949_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0680a79d33d1be64996ef1713f357a03304525adda3a5b1bd902515015afe3e2_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:153a6c2b46a236577f57863da350c3f89595ecf0de6dd56eb8090741b83f6d10_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:60028cdb647f96cc8e3a49f11428a8d35b44937fdd6c6b8bafbd70d6a0a45fd6_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:912550520b81f9fcf68400dfd76d7a85f68a3fce5e95e34ee5a22a32fb5d3871_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:25dc148e3a956b8ee742d0702a0c3b5e978fefc4f1f080cf2bb273e115044303_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:2c4aafdd152511477c2bfbe1f4bc3545785e1cec7a510e9632bc9d72ea624f83_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:7975ba7f7952a874767ae327f8046c924a797cf3a60fbd21070fe3098c5493b9_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:fdb227f5425459de46782922f53ba147f67ea0a86ef2143b9b5d9bd15ba2958e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:2372370502da86ba88aed909bcc1e768377bf540def547fe663e7b727c7ab07d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8b8554063d8dde0c192b7a936515d4f7a3024c4f44a1c508d3d1c43cb54746cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:aebb7c234a589c94449a25d779b83f29ea94a67d9a15f6e5e1fa7cbb7379faa0_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:f454ee35013e250d97ccf8fbd72392932a7b3cb56bc0a1e8d40e39716b41573e_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:bf8fc9009a8c2ee43c1795d9408b0b385cd99ad0601c50e1e79e6df11f57880d_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c322e17e36003bba01af3583da5c5a5673681f47a27a3c4624353f449fbbfe80_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f2394fa49c88dd115e54de9ce42ceb6178bff1d0a2e6a1d355dc60ba77c5323c_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:f5fbc78661bb8f6b091c521c46973aaa296e0534325d753c47a14309e06c2279_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:e65dce4728a53af4e696d09b05b60a731ecb8cdba19332deb16c291f61adcdb4_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:56784b527bf1fc1a2a0f24ea9b6edea3927746cbe1b18d9c653e0be621f07911_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:59183275cf68d933b5eb3690ae89aacfb9e34ee85868e7a1f858684cff6dcd20_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:7ce3c91962c904cffc5446c0ba6263124ea4b8a17963fbbefabacac73daf4851_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:01668273578bb232be7f478235ef9d4a85ef4eb5e0a63a405a0b7812225e053a_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:121702ab2f294b8dcfa55ecc5566dbd071368713967170bd2297ddcc49e777ea_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4f4632fc0514f19edbb7f951e598d695ce8b07ddd5830f096d87a8925646de0e_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:f6f2d00257e8409ff55194ccec35708b010225aace48d36368d8d227d4b13cc0_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS"
}
]
}
RHSA-2024:10962
Vulnerability from csaf_redhat - Published: 2024-12-11 16:47 - Updated: 2026-04-30 16:28Summary
Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release
Severity
Important
Notes
Topic: A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released
Details: Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.
5.0 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.
5.0 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().
5.0 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in ViteJS. `@fs` denies access to files outside of Vite serving allow list. Adding `?import&raw` to the URL bypasses this limitation and returns the file content if it exists, which can allow an attacker to access arbitrary files via the browser.
4.8 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A DOM clobbering vulnerability was found in ViteJS. This may lead to cross-site scripting (XSS) attacks on websites that include Vite-bundled files configured with an output format of cjs, iife, or umd, and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes.
6.4 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` such as `import.meta.url` in the `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements are present, for example, an `img` tag with an unsanitized `name` attribute.
6.4 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
29 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64 | — |
Workaround
|
Threats
Impact
Moderate
References
81 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new version of Red Hat OpenShift distributed tracing platform (Jaeger) has been released",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift distributed tracing platform based on Jaeger. Jaeger is a project inspired by Dapper and OpenZipkin. It is a distributed tracing system released as open source by Uber Technologies. It is used for monitoring and troubleshooting microservices-based distributed systems.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:10962",
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger",
"url": "https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/distributed_tracing/distributed-tracing-platform-jaeger"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-21536",
"url": "https://access.redhat.com/security/cve/CVE-2024-21536"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-43796",
"url": "https://access.redhat.com/security/cve/CVE-2024-43796"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-43799",
"url": "https://access.redhat.com/security/cve/CVE-2024-43799"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-43800",
"url": "https://access.redhat.com/security/cve/CVE-2024-43800"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45296",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45590",
"url": "https://access.redhat.com/security/cve/CVE-2024-45590"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45811",
"url": "https://access.redhat.com/security/cve/CVE-2024-45811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45812",
"url": "https://access.redhat.com/security/cve/CVE-2024-45812"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-47068",
"url": "https://access.redhat.com/security/cve/CVE-2024-47068"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10962.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Jaeger) 3.4 release",
"tracking": {
"current_release_date": "2026-04-30T16:28:54+00:00",
"generator": {
"date": "2026-04-30T16:28:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2024:10962",
"initial_release_date": "2024-12-11T16:47:10+00:00",
"revision_history": [
{
"date": "2024-12-11T16:47:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-03-25T20:51:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T16:28:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 3.4",
"product": {
"name": "Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Aeebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-operator-bundle@sha256%3A44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3Abf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Afd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Ac254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Ada3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3A8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3Aa7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Ab7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3A6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3Afed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Ae8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3A4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3A78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3A3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3Aceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Ac81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3Ae537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Abb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3Ae7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-agent-rhel8@sha256%3Ab541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256%3A952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-collector-rhel8@sha256%3A6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256%3Ab0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256%3A60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-ingester-rhel8@sha256%3A44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-rhel8-operator@sha256%3Ab9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"product_id": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jaeger-query-rhel8@sha256%3Afe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64 as a component of Red Hat OpenShift distributed tracing 3.4",
"product_id": "Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21536",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-10-19T06:00:36.846953+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2319884"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-proxy-middleware: Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21536"
},
{
"category": "external",
"summary": "RHBZ#2319884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536"
},
{
"category": "external",
"summary": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a",
"url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906",
"url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"
}
],
"release_date": "2024-10-19T05:00:04.056000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-11T16:47:10+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have any mitigation recommendations at this time.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-proxy-middleware: Denial of Service"
},
{
"cve": "CVE-2024-43796",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:28.106254+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311152"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: Improper Input Handling in Express Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43796"
},
{
"category": "external",
"summary": "RHBZ#2311152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553",
"url": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx",
"url": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx"
}
],
"release_date": "2024-09-10T15:15:17.510000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-11T16:47:10+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: Improper Input Handling in Express Redirects"
},
{
"cve": "CVE-2024-43799",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:30.869487+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311153"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "send: Code Execution Vulnerability in Send Library",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43799"
},
{
"category": "external",
"summary": "RHBZ#2311153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35",
"url": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg",
"url": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg"
}
],
"release_date": "2024-09-10T15:15:17.727000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-11T16:47:10+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "send: Code Execution Vulnerability in Send Library"
},
{
"cve": "CVE-2024-43800",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:33.631718+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "serve-static: Improper Sanitization in serve-static",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "rhdh-hub-container 1.2 and 1.3 have included patches for this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43800"
},
{
"category": "external",
"summary": "RHBZ#2311154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b",
"url": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa",
"url": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p",
"url": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p"
}
],
"release_date": "2024-09-10T15:15:17.937000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-11T16:47:10+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "serve-static: Improper Sanitization in serve-static"
},
{
"cve": "CVE-2024-45296",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-09T19:20:18.127723+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310908"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: Backtracking regular expressions cause ReDoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "RHBZ#2310908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
"url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
"url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
}
],
"release_date": "2024-09-09T19:15:13.330000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-11T16:47:10+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: Backtracking regular expressions cause ReDoS"
},
{
"cve": "CVE-2024-45590",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2024-09-10T16:20:29.292154+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "body-parser: Denial of Service Vulnerability in body-parser",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45590"
},
{
"category": "external",
"summary": "RHBZ#2311171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
"url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
"url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
}
],
"release_date": "2024-09-10T16:15:21.083000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-11T16:47:10+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "body-parser: Denial of Service Vulnerability in body-parser"
},
{
"cve": "CVE-2024-45811",
"cwe": {
"id": "CWE-41",
"name": "Improper Resolution of Path Equivalence"
},
"discovery_date": "2024-09-17T20:00:49.944925+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312930"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ViteJS. `@fs` denies access to files outside of Vite serving allow list. Adding `?import\u0026raw` to the URL bypasses this limitation and returns the file content if it exists, which can allow an attacker to access arbitrary files via the browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vite: server.fs.deny is bypassed when using `?import\u0026raw`",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as moderate rather than high severity because it requires specific conditions for exploitation. The attacker must have access to the Vite server, which typically runs in a local development environment rather than in production. Additionally, the bypass allows file access only if the file path is already known or predictable, limiting the attacker\u0027s ability to arbitrarily explore the file system. While it exposes file content outside the Vite serving allow list, the scope of access is constrained, and the impact can be mitigated by proper server configurations and deployment practices.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45811"
},
{
"category": "external",
"summary": "RHBZ#2312930",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312930"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45811",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45811"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite",
"url": "https://github.com/vitejs/vite"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249",
"url": "https://github.com/vitejs/vite/commit/4573a6fd6f1b097fb7296a3e135e0646b996b249"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34",
"url": "https://github.com/vitejs/vite/commit/6820bb3b9a54334f3268fc5ee1e967d2e1c0db34"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd",
"url": "https://github.com/vitejs/vite/commit/8339d7408668686bae56eaccbfdc7b87612904bd"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6",
"url": "https://github.com/vitejs/vite/commit/a6da45082b6e73ddfdcdcc06bb5414f976a388d6"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7",
"url": "https://github.com/vitejs/vite/commit/b901438f99e667f76662840826eec91c8ab3b3e7"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx",
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-9cwx-2883-4wfx"
}
],
"release_date": "2024-09-17T18:44:12+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-11T16:47:10+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vite: server.fs.deny is bypassed when using `?import\u0026raw`"
},
{
"cve": "CVE-2024-45812",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-17T20:20:07.064245+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312935"
}
],
"notes": [
{
"category": "description",
"text": "A DOM clobbering vulnerability was found in ViteJS. This may lead to cross-site scripting (XSS) attacks on websites that include Vite-bundled files configured with an output format of cjs, iife, or umd, and allow users to inject certain scriptless HTML tags without properly sanitizing the name or id attributes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vite: XSS via DOM Clobbering gadget found in vite bundled scripts",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is classified as moderate severity rather than important due to the specific conditions required to exploit the vulnerability. While DOM Clobbering can lead to Cross-Site Scripting (XSS), the attack surface is relatively limited. Exploitation is contingent on the presence of unsanitized user-supplied HTML with certain scriptless attributes (`name`, `id`) and the use of particular Vite build outputs (`cjs`, `iife`, `umd`). In environments following proper input sanitization practices, the risk is significantly mitigated. Moreover, the vulnerability does not enable direct code injection or compromise by default but rather leverages existing script elements, reducing the likelihood of widespread exploitation compared to higher severity issues.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45812"
},
{
"category": "external",
"summary": "RHBZ#2312935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45812"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45812",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45812"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad",
"url": "https://github.com/vitejs/vite/commit/ade1d89660e17eedfd35652165b0c26905259fad"
},
{
"category": "external",
"summary": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3",
"url": "https://github.com/vitejs/vite/security/advisories/GHSA-64vr-g452-qvp3"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986",
"url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986"
},
{
"category": "external",
"summary": "https://research.securitum.com/xss-in-amp4email-dom-clobbering",
"url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering"
},
{
"category": "external",
"summary": "https://scnps.co/papers/sp23_domclob.pdf",
"url": "https://scnps.co/papers/sp23_domclob.pdf"
}
],
"release_date": "2024-09-17T20:15:06.037000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-11T16:47:10+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vite: XSS via DOM Clobbering gadget found in vite bundled scripts"
},
{
"cve": "CVE-2024-47068",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-23T16:20:20.383320+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314249"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` such as `import.meta.url` in the `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements are present, for example, an `img` tag with an unsanitized `name` attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as moderate severity rather than important because it requires a specific and relatively uncommon attack vector to exploit\u2014namely, attacker-controlled scriptless HTML elements, such as an unsanitized name attribute in an img tag, which are typically less prevalent in well-maintained web applications. Additionally, the impact is limited to scenarios where import.meta is improperly handled in specific module formats (`cjs`, `umd`, `iife`), and the vulnerability can only lead to cross-site scripting (XSS) under specific conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47068"
},
{
"category": "external",
"summary": "RHBZ#2314249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314249"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47068"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47068",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47068"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162",
"url": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185",
"url": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4",
"url": "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541",
"url": "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm",
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm"
}
],
"release_date": "2024-09-23T16:15:06.947000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-11T16:47:10+00:00",
"details": "For details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.17/h tml/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10962"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:2a199dfb119a0a9e23cfb6ad30f3715c9219bb8fa880a8a41977829d763a4ca5_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:3a719c39310ec4c664a3e49bf899f070e46be72b7594ce73d335c549b474146f_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:a7ae101cffca890f8665237b153e97b6dc1b3a6b672eaeccdbe4bfbd7aedce17_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-agent-rhel8@sha256:b541c30e0c0180612046cc31c639b219f6e9f4c7ae2e631b6f03404b7d55ee1d_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:952f5a651c58cf3f86ded53cdd03649e3c7cb5c91199fd42bf2333e2ae48cce2_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:b7bcd8d1986f24bc0996360cc6c5eff80d57b3802969740a44ce98484113c1c8_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:ceab26a0939aeb7c4280ff8ff8c8607087838ef37a429e5f8d5f2fa663f5e4fa_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8@sha256:eebbda52e7853c58f638a0e9ac19f2523396358b92a08c026233b6a9b6e3eb38_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:00481eba92932c2e8dcff9c2e74414423a95cdf7e158a081ac9b6ce64e095053_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:0e8aefb95c5605a7b986c2765417118217962a69a803b38b0d5b5da9ee18ed7a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:6a073cd60d81bff01283dd4cbf680cfc7a17aa42cd262ae5ad4460142a2b5ec0_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-collector-rhel8@sha256:bf43ff8bf24eaf6694abfe3ba0ad34223743ac80473a7284aeb6e30c8b6f7a09_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:43a162e333dc9d7b3d78102ea1ad0edfdc5f83eda53416c26c352f64ce03648e_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:6d2163a0d54b4ca742e2669a1cf6145abaf8681fe68bfaf7b0adf3e386979f5a_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:b0a964e6cfabcab6b24a7caaac935304ab00bf5aac4a2895bebd78dc8dcc93cc_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8@sha256:c81395f94df15ee18eefd08b0b0e83cac7e7a266558a1458cfa769504c49a1c5_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:60aecc2ebb419a5dd979e503b9475af9b1def1ca82fcd9d4b96a05bc3a0686d6_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:8a85c82050ca4a430ebeabb6192debca6daee99d9baa0cf96b156790f0984d02_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fd196cb2a9c3780ca1de2a6974bd3c2042c09bebf8a5c5a27bf5e51140a14e33_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8@sha256:fed0a62dffeb3fc63a57c54b66194d1fb754cb89ec0d8aa0f9a303d3fc494857_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:44d844bd4f1c83b7ee66645a8f0e3c71c5f3fa84ee62553058c15106d8782a69_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:c254cbefa1a0d57fbd1a4925254de1d6568cafa6b26be59db1df38142ab2256c_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e537e8f52fe57bb5ec047054e7a5f7e26a96d5ac52b85623cf56c946c93032cf_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-ingester-rhel8@sha256:e8cc4fc4b0d5b3238a6441acd162d5e8bba35c51a1bab2f2ff87b812c5ded866_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-operator-bundle@sha256:44b22b250cdf29c29cf8c71941ea9ffd84c8bc7f4fddffafcd1b194a125d9028_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:78b4c8cb7e68b33fbd0cfb502a2d4e3ca09eeb6168d525c80ae0a45775364952_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829_amd64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:e7814650195a4ce28137f26da766217ed09dc2d974146b73fefb50b3e3c63749_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-query-rhel8@sha256:fe5c0636b57f316157812488029f3346363031b3e216dbc82ed9897a2d1347ab_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:4347e8a28b5a964fcab8ab237e5d93aef6f07ec9400e34a539dccb9d101b6fde_arm64",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:b9b2c61785f82ca784c957898412726a37c4fe81351c1bf7538d45229adabd8b_s390x",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:bb1d9ea1ef3e98740a6a4fd64e27c74b9ecc6849a3b4adc8c1d3a0289adca4f3_ppc64le",
"Red Hat OpenShift distributed tracing 3.4:registry.redhat.io/rhosdt/jaeger-rhel8-operator@sha256:da3915ec0e08f9e14be5520bc92a318308a4e2a514f19f74a54b8c922f7df9df_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…