Vulnerability-Lookup

CVE-2020-28469 (GCVE-0-2020-28469)

Vulnerability from cvelistv5 – Published: 2021-06-03 15:15 – Updated: 2024-09-16 18:43

Title

Regular Expression Denial of Service (ReDoS)

Summary

This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

Regular Expression Denial of Service (ReDoS)

Assigner

snyk

References

7 references

URL	Tags
https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905	x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092	x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGIT…	x_refsource_MISC
https://github.com/gulpjs/glob-parent/blob/6ce8d1…	x_refsource_MISC
https://github.com/gulpjs/glob-parent/pull/36	x_refsource_MISC
https://github.com/gulpjs/glob-parent/releases/ta…	x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	glob-parent	Affected: unspecified , < 5.1.2 (custom)

Date Public

2021-06-03 00:00

Credits

Yeting Li

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:40:59.197Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/gulpjs/glob-parent/pull/36"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "glob-parent",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "5.1.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Yeting Li"
        }
      ],
      "datePublic": "2021-06-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Regular Expression Denial of Service (ReDoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-07T14:40:42.000Z",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gulpjs/glob-parent/pull/36"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        }
      ],
      "title": "Regular Expression Denial of Service (ReDoS)",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "report@snyk.io",
          "DATE_PUBLIC": "2021-06-03T15:14:03.687376Z",
          "ID": "CVE-2020-28469",
          "STATE": "PUBLIC",
          "TITLE": "Regular Expression Denial of Service (ReDoS)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "glob-parent",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.1.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Yeting Li"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Regular Expression Denial of Service (ReDoS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905",
              "refsource": "MISC",
              "url": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905"
            },
            {
              "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092",
              "refsource": "MISC",
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092"
            },
            {
              "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093",
              "refsource": "MISC",
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093"
            },
            {
              "name": "https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9",
              "refsource": "MISC",
              "url": "https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9"
            },
            {
              "name": "https://github.com/gulpjs/glob-parent/pull/36",
              "refsource": "MISC",
              "url": "https://github.com/gulpjs/glob-parent/pull/36"
            },
            {
              "name": "https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2",
              "refsource": "MISC",
              "url": "https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2020-28469",
    "datePublished": "2021-06-03T15:15:13.479Z",
    "dateReserved": "2020-11-12T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:43:30.050Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-28469",
      "date": "2026-05-27",
      "epss": "0.00964",
      "percentile": "0.76787"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-28469\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2021-06-03T16:15:07.507\",\"lastModified\":\"2024-11-21T05:22:51.557\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator.\"},{\"lang\":\"es\",\"value\":\"Esto afecta al paquete glob-parent versiones anteriores a 5.1.2. La regex de enclosure usada para comprobar las cadenas que terminan en enclosure conteniendo el separador de ruta\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"report@snyk.io\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gulpjs:glob-parent:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"5.1.2\",\"matchCriteriaId\":\"394833D2-F112-4069-BD02-1BAEF2E57D23\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4479F76A-4B67-41CC-98C7-C76B81050F8E\"}]}]}],\"references\":[{\"url\":\"https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9\",\"source\":\"report@snyk.io\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://github.com/gulpjs/glob-parent/pull/36\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2\",\"source\":\"report@snyk.io\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://github.com/gulpjs/glob-parent/pull/36\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

RHSA-2021:5171

Vulnerability from csaf_redhat - Published: 2021-12-16 17:21 - Updated: 2026-04-30 16:09

Summary

Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update

Severity

Moderate

Notes

Topic: An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2020-7788

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-28469

A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent function. The highest threat from this vulnerability is to system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix

Threats

Impact Low

CVE-2021-3807

A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16		—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16		—	Vendor Fix fix

Known not affected 28 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16		—
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16		—

Threats

Impact Moderate

CVE-2021-3918

The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-22959

An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an attacker can use this flaw to inject arbitrary messages through the proxy. The highest threat from this vulnerability is to confidentiality and integrity.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix

Threats

Impact Low

CVE-2021-22960

An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an attacker can use this flaw to inject arbitrary messages through the proxy. The highest threat from this vulnerability is to confidentiality and integrity.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix

Threats

Impact Low

CVE-2021-33502

A flaw was found in normalize-url. Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16	—	Vendor Fix fix

Threats

Impact Moderate

References

42 references

URL	Category
https://access.redhat.com/errata/RHSA-2021:5171	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1907444	external
https://bugzilla.redhat.com/show_bug.cgi?id=1945459	external
https://bugzilla.redhat.com/show_bug.cgi?id=1964461	external
https://bugzilla.redhat.com/show_bug.cgi?id=2007557	external
https://bugzilla.redhat.com/show_bug.cgi?id=2014057	external
https://bugzilla.redhat.com/show_bug.cgi?id=2014059	external
https://bugzilla.redhat.com/show_bug.cgi?id=2024702	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-7788	self
https://bugzilla.redhat.com/show_bug.cgi?id=1907444	external
https://www.cve.org/CVERecord?id=CVE-2020-7788	external
https://nvd.nist.gov/vuln/detail/CVE-2020-7788	external
https://access.redhat.com/security/cve/CVE-2020-28469	self
https://bugzilla.redhat.com/show_bug.cgi?id=1945459	external
https://www.cve.org/CVERecord?id=CVE-2020-28469	external
https://nvd.nist.gov/vuln/detail/CVE-2020-28469	external
https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905	external
https://access.redhat.com/security/cve/CVE-2021-3807	self
https://bugzilla.redhat.com/show_bug.cgi?id=2007557	external
https://www.cve.org/CVERecord?id=CVE-2021-3807	external
https://nvd.nist.gov/vuln/detail/CVE-2021-3807	external
https://huntr.dev/bounties/5b3cf33b-ede0-4398-997…	external
https://access.redhat.com/security/cve/CVE-2021-3918	self
https://bugzilla.redhat.com/show_bug.cgi?id=2024702	external
https://www.cve.org/CVERecord?id=CVE-2021-3918	external
https://nvd.nist.gov/vuln/detail/CVE-2021-3918	external
https://access.redhat.com/security/cve/CVE-2021-22959	self
https://bugzilla.redhat.com/show_bug.cgi?id=2014057	external
https://www.cve.org/CVERecord?id=CVE-2021-22959	external
https://nvd.nist.gov/vuln/detail/CVE-2021-22959	external
https://nodejs.org/en/blog/vulnerability/oct-2021…	external
https://access.redhat.com/security/cve/CVE-2021-22960	self
https://bugzilla.redhat.com/show_bug.cgi?id=2014059	external
https://www.cve.org/CVERecord?id=CVE-2021-22960	external
https://nvd.nist.gov/vuln/detail/CVE-2021-22960	external
https://access.redhat.com/security/cve/CVE-2021-33502	self
https://bugzilla.redhat.com/show_bug.cgi?id=1964461	external
https://www.cve.org/CVERecord?id=CVE-2021-33502	external
https://nvd.nist.gov/vuln/detail/CVE-2021-33502	external
https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (16.13.1), nodejs-nodemon (2.0.15). (BZ#2027610)\n\nSecurity Fix(es):\n\n* nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)\n\n* nodejs-ini: Prototype pollution via malicious INI file (CVE-2020-7788)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* llhttp: HTTP Request Smuggling due to spaces in headers (CVE-2021-22959)\n\n* llhttp: HTTP Request Smuggling when parsing the body of chunked requests (CVE-2021-22960)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:5171",
        "url": "https://access.redhat.com/errata/RHSA-2021:5171"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1907444",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907444"
      },
      {
        "category": "external",
        "summary": "1945459",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459"
      },
      {
        "category": "external",
        "summary": "1964461",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964461"
      },
      {
        "category": "external",
        "summary": "2007557",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
      },
      {
        "category": "external",
        "summary": "2014057",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014057"
      },
      {
        "category": "external",
        "summary": "2014059",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014059"
      },
      {
        "category": "external",
        "summary": "2024702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024702"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5171.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2026-04-30T16:09:40+00:00",
      "generator": {
        "date": "2026-04-30T16:09:40+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2021:5171",
      "initial_release_date": "2021-12-16T17:21:31+00:00",
      "revision_history": [
        {
          "date": "2021-12-16T17:21:31+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-16T17:21:31+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T16:09:40+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                  "product_id": "AppStream-8.5.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
                "product": {
                  "name": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x (nodejs:16)",
                  "product_id": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
                "product": {
                  "name": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x (nodejs:16)",
                  "product_id": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
                "product": {
                  "name": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x (nodejs:16)",
                  "product_id": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
                "product": {
                  "name": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x (nodejs:16)",
                  "product_id": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
                "product": {
                  "name": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x (nodejs:16)",
                  "product_id": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
                "product": {
                  "name": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x (nodejs:16)",
                  "product_id": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.1.2-1.16.13.1.3.module%2Bel8.5.0%2B13548%2B45d748af?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
                "product": {
                  "name": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src (nodejs:16)",
                  "product_id": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=src\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src (nodejs:16)",
                  "product_id": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.15-1.module%2Bel8.5.0%2B13548%2B45d748af?arch=src\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
                "product": {
                  "name": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src (nodejs:16)",
                  "product_id": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@25-1.module%2Bel8.5.0%2B10992%2Bfac5fe06?arch=src\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
                "product": {
                  "name": "nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch (nodejs:16)",
                  "product_id": "nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch (nodejs:16)",
                  "product_id": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.15-1.module%2Bel8.5.0%2B13548%2B45d748af?arch=noarch\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
                "product": {
                  "name": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch (nodejs:16)",
                  "product_id": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@25-1.module%2Bel8.5.0%2B10992%2Bfac5fe06?arch=noarch\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
                "product": {
                  "name": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64 (nodejs:16)",
                  "product_id": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
                "product": {
                  "name": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64 (nodejs:16)",
                  "product_id": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
                "product": {
                  "name": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64 (nodejs:16)",
                  "product_id": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
                "product": {
                  "name": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64 (nodejs:16)",
                  "product_id": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
                "product": {
                  "name": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64 (nodejs:16)",
                  "product_id": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
                "product": {
                  "name": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64 (nodejs:16)",
                  "product_id": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.1.2-1.16.13.1.3.module%2Bel8.5.0%2B13548%2B45d748af?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
                "product": {
                  "name": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le (nodejs:16)",
                  "product_id": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
                "product": {
                  "name": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le (nodejs:16)",
                  "product_id": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
                "product": {
                  "name": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le (nodejs:16)",
                  "product_id": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
                "product": {
                  "name": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le (nodejs:16)",
                  "product_id": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
                "product": {
                  "name": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le (nodejs:16)",
                  "product_id": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
                "product": {
                  "name": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le (nodejs:16)",
                  "product_id": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.1.2-1.16.13.1.3.module%2Bel8.5.0%2B13548%2B45d748af?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
                "product": {
                  "name": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64 (nodejs:16)",
                  "product_id": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
                "product": {
                  "name": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64 (nodejs:16)",
                  "product_id": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
                "product": {
                  "name": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64 (nodejs:16)",
                  "product_id": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
                "product": {
                  "name": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64 (nodejs:16)",
                  "product_id": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
                "product": {
                  "name": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64 (nodejs:16)",
                  "product_id": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.13.1-3.module%2Bel8.5.0%2B13548%2B45d748af?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
                "product": {
                  "name": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64 (nodejs:16)",
                  "product_id": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.1.2-1.16.13.1.3.module%2Bel8.5.0%2B13548%2B45d748af?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:16:8050020211206113934:c5368500"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16"
        },
        "product_reference": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16"
        },
        "product_reference": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16"
        },
        "product_reference": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16"
        },
        "product_reference": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
        },
        "product_reference": "nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16"
        },
        "product_reference": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16"
        },
        "product_reference": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16"
        },
        "product_reference": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
        },
        "product_reference": "nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16"
        },
        "product_reference": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16"
        },
        "product_reference": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16"
        },
        "product_reference": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
        },
        "product_reference": "nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16"
        },
        "product_reference": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16"
        },
        "product_reference": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16"
        },
        "product_reference": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
        },
        "product_reference": "nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16"
        },
        "product_reference": "nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16"
        },
        "product_reference": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16"
        },
        "product_reference": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16"
        },
        "product_reference": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
        },
        "product_reference": "nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16"
        },
        "product_reference": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16"
        },
        "product_reference": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16"
        },
        "product_reference": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16"
        },
        "product_reference": "nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16"
        },
        "product_reference": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16"
        },
        "product_reference": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16"
        },
        "product_reference": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64 (nodejs:16) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
        },
        "product_reference": "npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-7788",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1907444"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-ini: Prototype pollution via malicious INI file",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Node.JS packages in Red Hat Enterprise Linux and Red Hat Software Collections included the vulnerable dependency packaged in \"nodejs-npm\" component. Processing malicious files using npm could potentially trigger this vulnerability. The \"ini\" package bundled with npm was not in the library path where it could be included directly in other programs.\n\nThe nodejs-nodemon packages in Red Hat Enterprise Linux and Red Hat Software Collections are affected by this vulnerability as they bundle the nodejs-ini library.  Usage of that library is governed by nodemon itself, so applications started by nodemon are not impacted.  Further, nodemon is a developer tool not intended to be used in production.\n\nThe ini package is included in Red Hat Quay by protractor and webpack-cli, both of which are dev dependencies.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-7788"
        },
        {
          "category": "external",
          "summary": "RHBZ#1907444",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907444"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7788",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-7788"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7788",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7788"
        }
      ],
      "release_date": "2020-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-16T17:21:31+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5171"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-ini: Prototype pollution via malicious INI file"
    },
    {
      "cve": "CVE-2020-28469",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-04-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1945459"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent function. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-glob-parent: Regular expression denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While some components do package a vulnerable version of glob-parent, access to them requires OpenShift OAuth credentials and hence have been marked with a Low impact. This applies to the following products:\n   - OpenShift Container Platform (OCP)\n   - OpenShift ServiceMesh (OSSM)\n   - Red Hat Advanced Cluster Management for Kubernetes (RHACM)\n   - OpenShift distributed tracing",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-28469"
        },
        {
          "category": "external",
          "summary": "RHBZ#1945459",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28469",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905",
          "url": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905"
        }
      ],
      "release_date": "2021-01-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-16T17:21:31+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5171"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-glob-parent: Regular expression denial of service"
    },
    {
      "cve": "CVE-2021-3807",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-09-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2007557"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw requires crafted invalid ANSI escape codes in order to be exploited and only allows for denial of service of applications on the client side, hence the impact has been rated as Moderate.\n\nIn Red Hat Virtualization and Red Hat Quay some components use a vulnerable version of ansi-regex. However, all frontend code is executed on the client side. As the maximum impact of this vulnerability is denial of service in the client, the vulnerability is rated Moderate for those products.\n\nOpenShift Container Platform 4 (OCP) ships affected version of ansi-regex in the ose-metering-hadoop container, however the metering operator is deprecated since 4.6[1]. This issue is not currently planned to be addressed in future updates and hence hadoop container has been marked as \u0027will not fix\u0027.\n\nAdvanced Cluster Management for Kubernetes (RHACM) ships the affected version of ansi-regex in several containers, however the impact of this vulnerability is deemed low as it would result in an authenticated slowing down their own user interface. \n\n[1] https://docs.openshift.com/container-platform/4.6/metering/metering-about-metering.html",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16"
        ],
        "known_not_affected": [
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3807"
        },
        {
          "category": "external",
          "summary": "RHBZ#2007557",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807"
        },
        {
          "category": "external",
          "summary": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994",
          "url": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"
        }
      ],
      "release_date": "2021-09-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-16T17:21:31+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5171"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes"
    },
    {
      "cve": "CVE-2021-3918",
      "cwe": {
        "id": "CWE-915",
        "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
      },
      "discovery_date": "2021-11-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2024702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-json-schema: Prototype pollution vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "npm versions 8.0.0 and older provide a vulnerable version of the json-schema library. However, it is currently believed that in the context of npm, it is not possible to take advantage of the vulnerability.\n\nRed Hat Enterprise Linux version 8 and Software Collections provide a vulnerable version of the json-schema library only as embedded in the npm package. As a result, the severity of the incident has been lowered for these 2 products.\n\nRed Hat Quay includes json-schema as a development dependency of quay-registry-container. As a result, the impact rating has been lowered to Moderate.\n\nIn Red Hat OpenShift Container Platform (RHOCP), Red Hat Openshift Data Foundations (ODF), Red Hat distributed tracing, Migration Toolkit for Virtualization (MTV) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are behind OpenShift OAuth. This restricts access to the vulnerable json-schema library to authenticated users only, therefore the impact is reduced to Moderate.\n\nIn Red Hat Openshift Data Foundations (ODF) the odf4/mcg-core-rhel8 component has \"Will not fix status\", but starting from ODF 4.11 stream this component contains already patched version of the json-schema library. Earlier version of ODF are already under Maintenance Support phase, hence this vulnerability will not be fixed.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3918"
        },
        {
          "category": "external",
          "summary": "RHBZ#2024702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3918",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3918"
        }
      ],
      "release_date": "2021-10-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-16T17:21:31+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5171"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-json-schema: Prototype pollution vulnerability"
    },
    {
      "cve": "CVE-2021-22959",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2021-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2014057"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an attacker can use this flaw to inject arbitrary messages through the proxy. The highest threat from this vulnerability is to confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "llhttp: HTTP Request Smuggling due to spaces in headers",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\".",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-22959"
        },
        {
          "category": "external",
          "summary": "RHBZ#2014057",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014057"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22959",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-22959"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/"
        }
      ],
      "release_date": "2021-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-16T17:21:31+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5171"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "llhttp: HTTP Request Smuggling due to spaces in headers"
    },
    {
      "cve": "CVE-2021-22960",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2021-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2014059"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an attacker can use this flaw to inject arbitrary messages through the proxy. The highest threat from this vulnerability is to confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "llhttp: HTTP Request Smuggling when parsing the body of chunked requests",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\".",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-22960"
        },
        {
          "category": "external",
          "summary": "RHBZ#2014059",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014059"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22960",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-22960"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/"
        }
      ],
      "release_date": "2021-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-16T17:21:31+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5171"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "llhttp: HTTP Request Smuggling when parsing the body of chunked requests"
    },
    {
      "cve": "CVE-2021-33502",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-05-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1964461"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in normalize-url. Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-normalize-url: ReDoS for data URLs",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
          "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-33502"
        },
        {
          "category": "external",
          "summary": "RHBZ#1964461",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964461"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33502",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-33502"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33502",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33502"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539",
          "url": "https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539"
        }
      ],
      "release_date": "2021-05-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-16T17:21:31+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5171"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:16.13.1-3.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:16.13.1-3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13548+45d748af.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.noarch::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:25-1.module+el8.5.0+10992+fac5fe06.src::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.aarch64::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.ppc64le::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.s390x::nodejs:16",
            "AppStream-8.5.0.Z.MAIN:npm-1:8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af.x86_64::nodejs:16"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-normalize-url: ReDoS for data URLs"
    }
  ]
}

RHSA-2022:0246

Vulnerability from csaf_redhat - Published: 2022-01-25 09:28 - Updated: 2026-04-30 16:09

Summary

Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

Severity

Moderate

Notes

Topic: An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (14.18.2), nodejs-nodemon (2.0.15). (BZ#2027608) Security Fix(es): * nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918) * nodejs-ini: Prototype pollution via malicious INI file (CVE-2020-7788) * nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469) * nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807) * normalize-url: ReDoS for data URLs (CVE-2021-33502) * nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite (CVE-2021-37701) * nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite (CVE-2021-37712) * llhttp: HTTP Request Smuggling due to spaces in headers (CVE-2021-22959) * llhttp: HTTP Request Smuggling when parsing the body of chunked requests (CVE-2021-22960) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-7788

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-28469

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-3807

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-3918

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Important

CVE-2021-22959

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Low

CVE-2021-22960

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Low

CVE-2021-33502

A flaw was found in normalize-url. Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-37701

A flaw was found in the npm package "tar" (aka node-tar). Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on directories. This flaw allows an untrusted tar file to extract and overwrite files into an arbitrary location. A similar confusion can arise on case-insensitive filesystems. The highest threat from this vulnerability is to integrity and system availability.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-37712

A flaw was found in the npm package "tar" (aka node-tar). Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an untrusted tar file to extract and overwrite files into an arbitrary location. The highest threat from this vulnerability is to integrity and system availability.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

References

56 references

URL	Category
https://access.redhat.com/errata/RHSA-2022:0246	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1907444	external
https://bugzilla.redhat.com/show_bug.cgi?id=1945459	external
https://bugzilla.redhat.com/show_bug.cgi?id=1964461	external
https://bugzilla.redhat.com/show_bug.cgi?id=1999731	external
https://bugzilla.redhat.com/show_bug.cgi?id=1999739	external
https://bugzilla.redhat.com/show_bug.cgi?id=2007557	external
https://bugzilla.redhat.com/show_bug.cgi?id=2014057	external
https://bugzilla.redhat.com/show_bug.cgi?id=2014059	external
https://bugzilla.redhat.com/show_bug.cgi?id=2024702	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-7788	self
https://bugzilla.redhat.com/show_bug.cgi?id=1907444	external
https://www.cve.org/CVERecord?id=CVE-2020-7788	external
https://nvd.nist.gov/vuln/detail/CVE-2020-7788	external
https://access.redhat.com/security/cve/CVE-2020-28469	self
https://bugzilla.redhat.com/show_bug.cgi?id=1945459	external
https://www.cve.org/CVERecord?id=CVE-2020-28469	external
https://nvd.nist.gov/vuln/detail/CVE-2020-28469	external
https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905	external
https://access.redhat.com/security/cve/CVE-2021-3807	self
https://bugzilla.redhat.com/show_bug.cgi?id=2007557	external
https://www.cve.org/CVERecord?id=CVE-2021-3807	external
https://nvd.nist.gov/vuln/detail/CVE-2021-3807	external
https://huntr.dev/bounties/5b3cf33b-ede0-4398-997…	external
https://access.redhat.com/security/cve/CVE-2021-3918	self
https://bugzilla.redhat.com/show_bug.cgi?id=2024702	external
https://www.cve.org/CVERecord?id=CVE-2021-3918	external
https://nvd.nist.gov/vuln/detail/CVE-2021-3918	external
https://access.redhat.com/security/cve/CVE-2021-22959	self
https://bugzilla.redhat.com/show_bug.cgi?id=2014057	external
https://www.cve.org/CVERecord?id=CVE-2021-22959	external
https://nvd.nist.gov/vuln/detail/CVE-2021-22959	external
https://nodejs.org/en/blog/vulnerability/oct-2021…	external
https://access.redhat.com/security/cve/CVE-2021-22960	self
https://bugzilla.redhat.com/show_bug.cgi?id=2014059	external
https://www.cve.org/CVERecord?id=CVE-2021-22960	external
https://nvd.nist.gov/vuln/detail/CVE-2021-22960	external
https://access.redhat.com/security/cve/CVE-2021-33502	self
https://bugzilla.redhat.com/show_bug.cgi?id=1964461	external
https://www.cve.org/CVERecord?id=CVE-2021-33502	external
https://nvd.nist.gov/vuln/detail/CVE-2021-33502	external
https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539	external
https://access.redhat.com/security/cve/CVE-2021-37701	self
https://bugzilla.redhat.com/show_bug.cgi?id=1999731	external
https://www.cve.org/CVERecord?id=CVE-2021-37701	external
https://nvd.nist.gov/vuln/detail/CVE-2021-37701	external
https://github.com/npm/node-tar/security/advisori…	external
https://www.npmjs.com/advisories/1779	external
https://access.redhat.com/security/cve/CVE-2021-37712	self
https://bugzilla.redhat.com/show_bug.cgi?id=1999739	external
https://www.cve.org/CVERecord?id=CVE-2021-37712	external
https://nvd.nist.gov/vuln/detail/CVE-2021-37712	external
https://github.com/npm/node-tar/security/advisori…	external
https://www.npmjs.com/advisories/1780	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (14.18.2), nodejs-nodemon (2.0.15). (BZ#2027608)\n\nSecurity Fix(es):\n\n* nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)\n\n* nodejs-ini: Prototype pollution via malicious INI file (CVE-2020-7788)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite (CVE-2021-37701)\n\n* nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite (CVE-2021-37712)\n\n* llhttp: HTTP Request Smuggling due to spaces in headers (CVE-2021-22959)\n\n* llhttp: HTTP Request Smuggling when parsing the body of chunked requests (CVE-2021-22960)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:0246",
        "url": "https://access.redhat.com/errata/RHSA-2022:0246"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1907444",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907444"
      },
      {
        "category": "external",
        "summary": "1945459",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459"
      },
      {
        "category": "external",
        "summary": "1964461",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964461"
      },
      {
        "category": "external",
        "summary": "1999731",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999731"
      },
      {
        "category": "external",
        "summary": "1999739",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999739"
      },
      {
        "category": "external",
        "summary": "2007557",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
      },
      {
        "category": "external",
        "summary": "2014057",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014057"
      },
      {
        "category": "external",
        "summary": "2014059",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014059"
      },
      {
        "category": "external",
        "summary": "2024702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024702"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0246.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2026-04-30T16:09:44+00:00",
      "generator": {
        "date": "2026-04-30T16:09:44+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2022:0246",
      "initial_release_date": "2022-01-25T09:28:51+00:00",
      "revision_history": [
        {
          "date": "2022-01-25T09:28:51+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-01-25T09:28:51+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T16:09:44+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream EUS (v.8.4)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream EUS (v.8.4)",
                  "product_id": "AppStream-8.4.0.Z.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_eus:8.4::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64 (nodejs:14)",
                  "product_id": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64 (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64 (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64 (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64 (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64 (nodejs:14)",
                  "product_id": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.15-1.14.18.2.2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src (nodejs:14)",
                  "product_id": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=src\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src (nodejs:14)",
                  "product_id": "nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.15-1.module%2Bel8.4.0%2B13503%2Bfc29810b?arch=src\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
                "product": {
                  "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src (nodejs:14)",
                  "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=src\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
                "product": {
                  "name": "nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch (nodejs:14)",
                  "product_id": "nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch (nodejs:14)",
                  "product_id": "nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.15-1.module%2Bel8.4.0%2B13503%2Bfc29810b?arch=noarch\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
                "product": {
                  "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch (nodejs:14)",
                  "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=noarch\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le (nodejs:14)",
                  "product_id": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le (nodejs:14)",
                  "product_id": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.15-1.14.18.2.2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x (nodejs:14)",
                  "product_id": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x (nodejs:14)",
                  "product_id": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.15-1.14.18.2.2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64 (nodejs:14)",
                  "product_id": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64 (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64 (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64 (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64 (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.18.2-2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64 (nodejs:14)",
                  "product_id": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.15-1.14.18.2.2.module%2Bel8.4.0%2B13643%2B6c0ebf22?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020211213111158:522a0ee4"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14"
        },
        "product_reference": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14"
        },
        "product_reference": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14"
        },
        "product_reference": "nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14"
        },
        "product_reference": "nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14"
        },
        "product_reference": "nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14"
        },
        "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14"
        },
        "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14"
        },
        "product_reference": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14"
        },
        "product_reference": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14"
        },
        "product_reference": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
          "product_id": "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
        },
        "product_reference": "npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-7788",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1907444"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-ini: Prototype pollution via malicious INI file",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Node.JS packages in Red Hat Enterprise Linux and Red Hat Software Collections included the vulnerable dependency packaged in \"nodejs-npm\" component. Processing malicious files using npm could potentially trigger this vulnerability. The \"ini\" package bundled with npm was not in the library path where it could be included directly in other programs.\n\nThe nodejs-nodemon packages in Red Hat Enterprise Linux and Red Hat Software Collections are affected by this vulnerability as they bundle the nodejs-ini library.  Usage of that library is governed by nodemon itself, so applications started by nodemon are not impacted.  Further, nodemon is a developer tool not intended to be used in production.\n\nThe ini package is included in Red Hat Quay by protractor and webpack-cli, both of which are dev dependencies.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-7788"
        },
        {
          "category": "external",
          "summary": "RHBZ#1907444",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907444"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7788",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-7788"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7788",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7788"
        }
      ],
      "release_date": "2020-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-25T09:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0246"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-ini: Prototype pollution via malicious INI file"
    },
    {
      "cve": "CVE-2020-28469",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-04-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1945459"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent function. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-glob-parent: Regular expression denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While some components do package a vulnerable version of glob-parent, access to them requires OpenShift OAuth credentials and hence have been marked with a Low impact. This applies to the following products:\n   - OpenShift Container Platform (OCP)\n   - OpenShift ServiceMesh (OSSM)\n   - Red Hat Advanced Cluster Management for Kubernetes (RHACM)\n   - OpenShift distributed tracing",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-28469"
        },
        {
          "category": "external",
          "summary": "RHBZ#1945459",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28469",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905",
          "url": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905"
        }
      ],
      "release_date": "2021-01-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-25T09:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0246"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-glob-parent: Regular expression denial of service"
    },
    {
      "cve": "CVE-2021-3807",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-09-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2007557"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw requires crafted invalid ANSI escape codes in order to be exploited and only allows for denial of service of applications on the client side, hence the impact has been rated as Moderate.\n\nIn Red Hat Virtualization and Red Hat Quay some components use a vulnerable version of ansi-regex. However, all frontend code is executed on the client side. As the maximum impact of this vulnerability is denial of service in the client, the vulnerability is rated Moderate for those products.\n\nOpenShift Container Platform 4 (OCP) ships affected version of ansi-regex in the ose-metering-hadoop container, however the metering operator is deprecated since 4.6[1]. This issue is not currently planned to be addressed in future updates and hence hadoop container has been marked as \u0027will not fix\u0027.\n\nAdvanced Cluster Management for Kubernetes (RHACM) ships the affected version of ansi-regex in several containers, however the impact of this vulnerability is deemed low as it would result in an authenticated slowing down their own user interface. \n\n[1] https://docs.openshift.com/container-platform/4.6/metering/metering-about-metering.html",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3807"
        },
        {
          "category": "external",
          "summary": "RHBZ#2007557",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807"
        },
        {
          "category": "external",
          "summary": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994",
          "url": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"
        }
      ],
      "release_date": "2021-09-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-25T09:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0246"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes"
    },
    {
      "cve": "CVE-2021-3918",
      "cwe": {
        "id": "CWE-915",
        "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
      },
      "discovery_date": "2021-11-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2024702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-json-schema: Prototype pollution vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "npm versions 8.0.0 and older provide a vulnerable version of the json-schema library. However, it is currently believed that in the context of npm, it is not possible to take advantage of the vulnerability.\n\nRed Hat Enterprise Linux version 8 and Software Collections provide a vulnerable version of the json-schema library only as embedded in the npm package. As a result, the severity of the incident has been lowered for these 2 products.\n\nRed Hat Quay includes json-schema as a development dependency of quay-registry-container. As a result, the impact rating has been lowered to Moderate.\n\nIn Red Hat OpenShift Container Platform (RHOCP), Red Hat Openshift Data Foundations (ODF), Red Hat distributed tracing, Migration Toolkit for Virtualization (MTV) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are behind OpenShift OAuth. This restricts access to the vulnerable json-schema library to authenticated users only, therefore the impact is reduced to Moderate.\n\nIn Red Hat Openshift Data Foundations (ODF) the odf4/mcg-core-rhel8 component has \"Will not fix status\", but starting from ODF 4.11 stream this component contains already patched version of the json-schema library. Earlier version of ODF are already under Maintenance Support phase, hence this vulnerability will not be fixed.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3918"
        },
        {
          "category": "external",
          "summary": "RHBZ#2024702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3918",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3918"
        }
      ],
      "release_date": "2021-10-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-25T09:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0246"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs-json-schema: Prototype pollution vulnerability"
    },
    {
      "cve": "CVE-2021-22959",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2021-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2014057"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an attacker can use this flaw to inject arbitrary messages through the proxy. The highest threat from this vulnerability is to confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "llhttp: HTTP Request Smuggling due to spaces in headers",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\".",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-22959"
        },
        {
          "category": "external",
          "summary": "RHBZ#2014057",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014057"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22959",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-22959"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/"
        }
      ],
      "release_date": "2021-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-25T09:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0246"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "llhttp: HTTP Request Smuggling due to spaces in headers"
    },
    {
      "cve": "CVE-2021-22960",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2021-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2014059"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an attacker can use this flaw to inject arbitrary messages through the proxy. The highest threat from this vulnerability is to confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "llhttp: HTTP Request Smuggling when parsing the body of chunked requests",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\".",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-22960"
        },
        {
          "category": "external",
          "summary": "RHBZ#2014059",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014059"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22960",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-22960"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/"
        }
      ],
      "release_date": "2021-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-25T09:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0246"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "llhttp: HTTP Request Smuggling when parsing the body of chunked requests"
    },
    {
      "cve": "CVE-2021-33502",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-05-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1964461"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in normalize-url. Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-normalize-url: ReDoS for data URLs",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-33502"
        },
        {
          "category": "external",
          "summary": "RHBZ#1964461",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964461"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33502",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-33502"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33502",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33502"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539",
          "url": "https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539"
        }
      ],
      "release_date": "2021-05-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-25T09:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0246"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-normalize-url: ReDoS for data URLs"
    },
    {
      "cve": "CVE-2021-37701",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2021-08-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1999731"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the npm package \"tar\" (aka node-tar). Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on directories. This flaw allows an untrusted tar file to extract and overwrite files into an arbitrary location. A similar confusion can arise on case-insensitive filesystems. The highest threat from this vulnerability is to integrity and system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux version 8 and Red Hat Software Collection both embed `node-tar` in the npm command. However, npm explicitly prevents the extraction of symlink via a filter. npm might still be affected via node-gyp, if the attacker is able to control the target URL.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-37701"
        },
        {
          "category": "external",
          "summary": "RHBZ#1999731",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999731"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37701",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37701",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37701"
        },
        {
          "category": "external",
          "summary": "https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc",
          "url": "https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/advisories/1779",
          "url": "https://www.npmjs.com/advisories/1779"
        }
      ],
      "release_date": "2021-08-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-25T09:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0246"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite"
    },
    {
      "cve": "CVE-2021-37712",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2021-08-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1999739"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the npm package \"tar\" (aka node-tar). Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an untrusted tar file to extract and overwrite files into an arbitrary location. The highest threat from this vulnerability is to integrity and system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux version 8 and Red Hat Software Collection both embed `node-tar` in the npm command. However, npm explicitly prevents the extraction of symlink via a filter. npm might still be affected via node-gyp, if the attacker is able to control the target URL.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
          "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-37712"
        },
        {
          "category": "external",
          "summary": "RHBZ#1999739",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999739"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37712",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37712",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37712"
        },
        {
          "category": "external",
          "summary": "https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p",
          "url": "https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/advisories/1780",
          "url": "https://www.npmjs.com/advisories/1780"
        }
      ],
      "release_date": "2021-08-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-01-25T09:28:51+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0246"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.18.2-2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.15-1.module+el8.4.0+13503+fc29810b.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.aarch64::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.ppc64le::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.s390x::nodejs:14",
            "AppStream-8.4.0.Z.EUS:npm-1:6.14.15-1.14.18.2.2.module+el8.4.0+13643+6c0ebf22.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite"
    }
  ]
}

RHSA-2022:0350

Vulnerability from csaf_redhat - Published: 2022-02-01 21:18 - Updated: 2026-04-30 16:09

Summary

Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

Severity

Moderate

Notes

Topic: An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (14.18.2), nodejs-nodemon (2.0.15). (BZ#2027609) Security Fix(es): * nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918) * nodejs-ini: Prototype pollution via malicious INI file (CVE-2020-7788) * nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469) * nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807) * normalize-url: ReDoS for data URLs (CVE-2021-33502) * nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite (CVE-2021-37701) * nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite (CVE-2021-37712) * llhttp: HTTP Request Smuggling due to spaces in headers (CVE-2021-22959) * llhttp: HTTP Request Smuggling when parsing the body of chunked requests (CVE-2021-22960) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-7788

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2020-28469

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Low

CVE-2021-3807

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-3918

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-22959

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Low

CVE-2021-22960

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Low

CVE-2021-33502

A flaw was found in normalize-url. Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-37701

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2021-37712

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Fixed 30 products

Product	Version	Remediation
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14	—	Vendor Fix fix
Unresolved product id: AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14	—	Vendor Fix fix

Threats

Impact Moderate

References

56 references

URL	Category
https://access.redhat.com/errata/RHSA-2022:0350	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1907444	external
https://bugzilla.redhat.com/show_bug.cgi?id=1945459	external
https://bugzilla.redhat.com/show_bug.cgi?id=1964461	external
https://bugzilla.redhat.com/show_bug.cgi?id=1999731	external
https://bugzilla.redhat.com/show_bug.cgi?id=1999739	external
https://bugzilla.redhat.com/show_bug.cgi?id=2007557	external
https://bugzilla.redhat.com/show_bug.cgi?id=2014057	external
https://bugzilla.redhat.com/show_bug.cgi?id=2014059	external
https://bugzilla.redhat.com/show_bug.cgi?id=2024702	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-7788	self
https://bugzilla.redhat.com/show_bug.cgi?id=1907444	external
https://www.cve.org/CVERecord?id=CVE-2020-7788	external
https://nvd.nist.gov/vuln/detail/CVE-2020-7788	external
https://access.redhat.com/security/cve/CVE-2020-28469	self
https://bugzilla.redhat.com/show_bug.cgi?id=1945459	external
https://www.cve.org/CVERecord?id=CVE-2020-28469	external
https://nvd.nist.gov/vuln/detail/CVE-2020-28469	external
https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905	external
https://access.redhat.com/security/cve/CVE-2021-3807	self
https://bugzilla.redhat.com/show_bug.cgi?id=2007557	external
https://www.cve.org/CVERecord?id=CVE-2021-3807	external
https://nvd.nist.gov/vuln/detail/CVE-2021-3807	external
https://huntr.dev/bounties/5b3cf33b-ede0-4398-997…	external
https://access.redhat.com/security/cve/CVE-2021-3918	self
https://bugzilla.redhat.com/show_bug.cgi?id=2024702	external
https://www.cve.org/CVERecord?id=CVE-2021-3918	external
https://nvd.nist.gov/vuln/detail/CVE-2021-3918	external
https://access.redhat.com/security/cve/CVE-2021-22959	self
https://bugzilla.redhat.com/show_bug.cgi?id=2014057	external
https://www.cve.org/CVERecord?id=CVE-2021-22959	external
https://nvd.nist.gov/vuln/detail/CVE-2021-22959	external
https://nodejs.org/en/blog/vulnerability/oct-2021…	external
https://access.redhat.com/security/cve/CVE-2021-22960	self
https://bugzilla.redhat.com/show_bug.cgi?id=2014059	external
https://www.cve.org/CVERecord?id=CVE-2021-22960	external
https://nvd.nist.gov/vuln/detail/CVE-2021-22960	external
https://access.redhat.com/security/cve/CVE-2021-33502	self
https://bugzilla.redhat.com/show_bug.cgi?id=1964461	external
https://www.cve.org/CVERecord?id=CVE-2021-33502	external
https://nvd.nist.gov/vuln/detail/CVE-2021-33502	external
https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539	external
https://access.redhat.com/security/cve/CVE-2021-37701	self
https://bugzilla.redhat.com/show_bug.cgi?id=1999731	external
https://www.cve.org/CVERecord?id=CVE-2021-37701	external
https://nvd.nist.gov/vuln/detail/CVE-2021-37701	external
https://github.com/npm/node-tar/security/advisori…	external
https://www.npmjs.com/advisories/1779	external
https://access.redhat.com/security/cve/CVE-2021-37712	self
https://bugzilla.redhat.com/show_bug.cgi?id=1999739	external
https://www.cve.org/CVERecord?id=CVE-2021-37712	external
https://nvd.nist.gov/vuln/detail/CVE-2021-37712	external
https://github.com/npm/node-tar/security/advisori…	external
https://www.npmjs.com/advisories/1780	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (14.18.2), nodejs-nodemon (2.0.15). (BZ#2027609)\n\nSecurity Fix(es):\n\n* nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)\n\n* nodejs-ini: Prototype pollution via malicious INI file (CVE-2020-7788)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite (CVE-2021-37701)\n\n* nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite (CVE-2021-37712)\n\n* llhttp: HTTP Request Smuggling due to spaces in headers (CVE-2021-22959)\n\n* llhttp: HTTP Request Smuggling when parsing the body of chunked requests (CVE-2021-22960)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:0350",
        "url": "https://access.redhat.com/errata/RHSA-2022:0350"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1907444",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907444"
      },
      {
        "category": "external",
        "summary": "1945459",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459"
      },
      {
        "category": "external",
        "summary": "1964461",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964461"
      },
      {
        "category": "external",
        "summary": "1999731",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999731"
      },
      {
        "category": "external",
        "summary": "1999739",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999739"
      },
      {
        "category": "external",
        "summary": "2007557",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
      },
      {
        "category": "external",
        "summary": "2014057",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014057"
      },
      {
        "category": "external",
        "summary": "2014059",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014059"
      },
      {
        "category": "external",
        "summary": "2024702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024702"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0350.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2026-04-30T16:09:40+00:00",
      "generator": {
        "date": "2026-04-30T16:09:40+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2022:0350",
      "initial_release_date": "2022-02-01T21:18:22+00:00",
      "revision_history": [
        {
          "date": "2022-02-01T21:18:22+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-02-01T21:18:22+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T16:09:40+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                  "product_id": "AppStream-8.5.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le (nodejs:14)",
                  "product_id": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le (nodejs:14)",
                  "product_id": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.15-1.14.18.2.2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src (nodejs:14)",
                  "product_id": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=src\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src (nodejs:14)",
                  "product_id": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.15-1.module%2Bel8.5.0%2B13504%2Ba2e74d91?arch=src\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
                "product": {
                  "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src (nodejs:14)",
                  "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=src\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
                "product": {
                  "name": "nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch (nodejs:14)",
                  "product_id": "nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch (nodejs:14)",
                  "product_id": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.15-1.module%2Bel8.5.0%2B13504%2Ba2e74d91?arch=noarch\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
                "product": {
                  "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch (nodejs:14)",
                  "product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=noarch\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64 (nodejs:14)",
                  "product_id": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64 (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64 (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64 (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64 (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64 (nodejs:14)",
                  "product_id": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.15-1.14.18.2.2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x (nodejs:14)",
                  "product_id": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x (nodejs:14)",
                  "product_id": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.15-1.14.18.2.2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64 (nodejs:14)",
                  "product_id": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64 (nodejs:14)",
                  "product_id": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64 (nodejs:14)",
                  "product_id": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64 (nodejs:14)",
                  "product_id": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-devel@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
                "product": {
                  "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64 (nodejs:14)",
                  "product_id": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@14.18.2-2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
                "product": {
                  "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64 (nodejs:14)",
                  "product_id": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@6.14.15-1.14.18.2.2.module%2Bel8.5.0%2B13644%2B8d46dafd?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8050020211213115342:c5368500"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14"
        },
        "product_reference": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14"
        },
        "product_reference": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14"
        },
        "product_reference": "nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
        },
        "product_reference": "nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14"
        },
        "product_reference": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14"
        },
        "product_reference": "nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14"
        },
        "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14"
        },
        "product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14"
        },
        "product_reference": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14"
        },
        "product_reference": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14"
        },
        "product_reference": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
        },
        "product_reference": "npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
        "relates_to_product_reference": "AppStream-8.5.0.Z.MAIN"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-7788",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-12-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1907444"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-ini: Prototype pollution via malicious INI file",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Node.JS packages in Red Hat Enterprise Linux and Red Hat Software Collections included the vulnerable dependency packaged in \"nodejs-npm\" component. Processing malicious files using npm could potentially trigger this vulnerability. The \"ini\" package bundled with npm was not in the library path where it could be included directly in other programs.\n\nThe nodejs-nodemon packages in Red Hat Enterprise Linux and Red Hat Software Collections are affected by this vulnerability as they bundle the nodejs-ini library.  Usage of that library is governed by nodemon itself, so applications started by nodemon are not impacted.  Further, nodemon is a developer tool not intended to be used in production.\n\nThe ini package is included in Red Hat Quay by protractor and webpack-cli, both of which are dev dependencies.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-7788"
        },
        {
          "category": "external",
          "summary": "RHBZ#1907444",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907444"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7788",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-7788"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7788",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7788"
        }
      ],
      "release_date": "2020-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-02-01T21:18:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0350"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-ini: Prototype pollution via malicious INI file"
    },
    {
      "cve": "CVE-2020-28469",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-04-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1945459"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent function. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-glob-parent: Regular expression denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While some components do package a vulnerable version of glob-parent, access to them requires OpenShift OAuth credentials and hence have been marked with a Low impact. This applies to the following products:\n   - OpenShift Container Platform (OCP)\n   - OpenShift ServiceMesh (OSSM)\n   - Red Hat Advanced Cluster Management for Kubernetes (RHACM)\n   - OpenShift distributed tracing",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-28469"
        },
        {
          "category": "external",
          "summary": "RHBZ#1945459",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28469",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905",
          "url": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905"
        }
      ],
      "release_date": "2021-01-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-02-01T21:18:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0350"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-glob-parent: Regular expression denial of service"
    },
    {
      "cve": "CVE-2021-3807",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-09-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2007557"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw requires crafted invalid ANSI escape codes in order to be exploited and only allows for denial of service of applications on the client side, hence the impact has been rated as Moderate.\n\nIn Red Hat Virtualization and Red Hat Quay some components use a vulnerable version of ansi-regex. However, all frontend code is executed on the client side. As the maximum impact of this vulnerability is denial of service in the client, the vulnerability is rated Moderate for those products.\n\nOpenShift Container Platform 4 (OCP) ships affected version of ansi-regex in the ose-metering-hadoop container, however the metering operator is deprecated since 4.6[1]. This issue is not currently planned to be addressed in future updates and hence hadoop container has been marked as \u0027will not fix\u0027.\n\nAdvanced Cluster Management for Kubernetes (RHACM) ships the affected version of ansi-regex in several containers, however the impact of this vulnerability is deemed low as it would result in an authenticated slowing down their own user interface. \n\n[1] https://docs.openshift.com/container-platform/4.6/metering/metering-about-metering.html",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3807"
        },
        {
          "category": "external",
          "summary": "RHBZ#2007557",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807"
        },
        {
          "category": "external",
          "summary": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994",
          "url": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"
        }
      ],
      "release_date": "2021-09-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-02-01T21:18:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0350"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes"
    },
    {
      "cve": "CVE-2021-3918",
      "cwe": {
        "id": "CWE-915",
        "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
      },
      "discovery_date": "2021-11-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2024702"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The json-schema Node.JS library was vulnerable to prototype pollution during the validation of a JSON object. An attacker, able to provide a specially crafted JSON file for validation, could use this flaw to modify the behavior of the node program, to, for example, execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-json-schema: Prototype pollution vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "npm versions 8.0.0 and older provide a vulnerable version of the json-schema library. However, it is currently believed that in the context of npm, it is not possible to take advantage of the vulnerability.\n\nRed Hat Enterprise Linux version 8 and Software Collections provide a vulnerable version of the json-schema library only as embedded in the npm package. As a result, the severity of the incident has been lowered for these 2 products.\n\nRed Hat Quay includes json-schema as a development dependency of quay-registry-container. As a result, the impact rating has been lowered to Moderate.\n\nIn Red Hat OpenShift Container Platform (RHOCP), Red Hat Openshift Data Foundations (ODF), Red Hat distributed tracing, Migration Toolkit for Virtualization (MTV) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected components are behind OpenShift OAuth. This restricts access to the vulnerable json-schema library to authenticated users only, therefore the impact is reduced to Moderate.\n\nIn Red Hat Openshift Data Foundations (ODF) the odf4/mcg-core-rhel8 component has \"Will not fix status\", but starting from ODF 4.11 stream this component contains already patched version of the json-schema library. Earlier version of ODF are already under Maintenance Support phase, hence this vulnerability will not be fixed.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3918"
        },
        {
          "category": "external",
          "summary": "RHBZ#2024702",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024702"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3918",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3918"
        }
      ],
      "release_date": "2021-10-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-02-01T21:18:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0350"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-json-schema: Prototype pollution vulnerability"
    },
    {
      "cve": "CVE-2021-22959",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2021-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2014057"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an attacker can use this flaw to inject arbitrary messages through the proxy. The highest threat from this vulnerability is to confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "llhttp: HTTP Request Smuggling due to spaces in headers",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\".",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-22959"
        },
        {
          "category": "external",
          "summary": "RHBZ#2014057",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014057"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22959",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-22959"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/"
        }
      ],
      "release_date": "2021-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-02-01T21:18:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0350"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "llhttp: HTTP Request Smuggling due to spaces in headers"
    },
    {
      "cve": "CVE-2021-22960",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2021-10-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2014059"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An HTTP Request Smuggling (HRS) vulnerability was found in the llhttp library, used by Node.JS. During the parsing of chunked messages, the chunk size parameter was not validated properly. In situations where HTTP conversations are being proxied (such as proxy, reverse-proxy, load-balancer), an attacker can use this flaw to inject arbitrary messages through the proxy. The highest threat from this vulnerability is to confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "llhttp: HTTP Request Smuggling when parsing the body of chunked requests",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Quay from version 3.4 consumes nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because nodejs is only used at build time and is no longer shipped, starting with Quay 3.5 [2].\n[1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security\n[2] https://issues.redhat.com/browse/PROJQUAY-1409\nTherefore Quay component is marked as \"Will not fix\".",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-22960"
        },
        {
          "category": "external",
          "summary": "RHBZ#2014059",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014059"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-22960",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-22960"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/"
        }
      ],
      "release_date": "2021-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-02-01T21:18:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0350"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "llhttp: HTTP Request Smuggling when parsing the body of chunked requests"
    },
    {
      "cve": "CVE-2021-33502",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-05-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1964461"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in normalize-url. Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-normalize-url: ReDoS for data URLs",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-33502"
        },
        {
          "category": "external",
          "summary": "RHBZ#1964461",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964461"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33502",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-33502"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33502",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33502"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539",
          "url": "https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539"
        }
      ],
      "release_date": "2021-05-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-02-01T21:18:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0350"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-normalize-url: ReDoS for data URLs"
    },
    {
      "cve": "CVE-2021-37701",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2021-08-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1999731"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the npm package \"tar\" (aka node-tar). Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on directories. This flaw allows an untrusted tar file to extract and overwrite files into an arbitrary location. A similar confusion can arise on case-insensitive filesystems. The highest threat from this vulnerability is to integrity and system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux version 8 and Red Hat Software Collection both embed `node-tar` in the npm command. However, npm explicitly prevents the extraction of symlink via a filter. npm might still be affected via node-gyp, if the attacker is able to control the target URL.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-37701"
        },
        {
          "category": "external",
          "summary": "RHBZ#1999731",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999731"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37701",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37701",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37701"
        },
        {
          "category": "external",
          "summary": "https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc",
          "url": "https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/advisories/1779",
          "url": "https://www.npmjs.com/advisories/1779"
        }
      ],
      "release_date": "2021-08-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-02-01T21:18:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0350"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite"
    },
    {
      "cve": "CVE-2021-37712",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "discovery_date": "2021-08-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1999739"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the npm package \"tar\" (aka node-tar). Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an untrusted tar file to extract and overwrite files into an arbitrary location. The highest threat from this vulnerability is to integrity and system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Enterprise Linux version 8 and Red Hat Software Collection both embed `node-tar` in the npm command. However, npm explicitly prevents the extraction of symlink via a filter. npm might still be affected via node-gyp, if the attacker is able to control the target URL.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
          "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-37712"
        },
        {
          "category": "external",
          "summary": "RHBZ#1999739",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999739"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-37712",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-37712",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37712"
        },
        {
          "category": "external",
          "summary": "https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p",
          "url": "https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/advisories/1780",
          "url": "https://www.npmjs.com/advisories/1780"
        }
      ],
      "release_date": "2021-08-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-02-01T21:18:22+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0350"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debuginfo-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-debugsource-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-devel-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-docs-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-full-i18n-1:14.18.2-2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-nodemon-0:2.0.15-1.module+el8.5.0+13504+a2e74d91.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.aarch64::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.ppc64le::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.s390x::nodejs:14",
            "AppStream-8.5.0.Z.MAIN:npm-1:6.14.15-1.14.18.2.2.module+el8.5.0+13644+8d46dafd.x86_64::nodejs:14"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite"
    }
  ]
}

RHSA-2022:6595

Vulnerability from csaf_redhat - Published: 2022-09-20 12:27 - Updated: 2026-04-30 16:09

Summary

Red Hat Security Advisory: nodejs and nodejs-nodemon security and bug fix update

Severity

Moderate

Notes

Topic: An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (16.16.0), nodejs-nodemon (2.0.19). (BZ#2124230, BZ#2124233) Security Fix(es): * nodejs-ini: Prototype pollution via malicious INI file (CVE-2020-7788) * nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469) * nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807) * normalize-url: ReDoS for data URLs (CVE-2021-33502) * nodejs: npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace (CVE-2022-29244) * nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212) * nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding (CVE-2022-32213) * nodejs: HTTP request smuggling due to improper delimiting of header fields (CVE-2022-32214) * nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (CVE-2022-32215) * got: missing verification of requested URLs allows redirects to UNIX sockets (CVE-2022-33987) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * nodejs:16/nodejs: Rebase to the latest Nodejs 16 release [rhel-9] (BZ#2121019) * nodejs: Specify --with-default-icu-data-dir when using bootstrap build (BZ#2124299)

CVE-2020-7788

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch		—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src		—	Vendor Fix fix

Known not affected 34 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64		—

Threats

Impact Moderate

CVE-2020-28469

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch		—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src		—	Vendor Fix fix

Known not affected 34 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64		—

Threats

Impact Low

CVE-2021-3807

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch		—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src		—	Vendor Fix fix

Known not affected 34 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64		—

Threats

Impact Moderate

CVE-2021-33502

A flaw was found in normalize-url. Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch		—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src		—	Vendor Fix fix

Known not affected 34 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64		—

Threats

Impact Moderate

CVE-2022-29244

A flaw was found in npm. This security issue occurs because the npm pack ignores root-level ".gitignore" and ".npmignore" file exclusion directives when run in a workspace or with a workspace flag (for example, --workspaces, --workspace=<name>). Anyone who has run 'npm pack' or 'npm publish' inside a workspace has published files into the npm registry they did not intend to include. This flaw exposes sensitive information to an unauthorized user or an attacker.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64	—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src		—

Threats

Impact Moderate

CVE-2022-32212

A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided (for instance, 10.0.2.555 is provided), browsers (such as Firefox) will make DNS requests to the DNS server. This issue provides a vector for an attacker-controlled DNS server or a Man-in-the-middle attack (MITM) who can spoof DNS responses to perform a rebinding attack and then connect to the WebSocket debugger allowing for arbitrary code execution on the target system.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-703 - Improper Check or Handling of Exceptional Conditions

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64	—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src		—

Threats

Impact Moderate

CVE-2022-32213

A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling (HRS), causing web cache poisoning, and conducting XSS attacks.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64	—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src		—

Threats

Impact Moderate

CVE-2022-32214

A vulnerability was found in NodeJS due to the llhttp parser in the http module not strictly using the CRLF sequence to delimit HTTP requests. This issue can lead to HTTP Request Smuggling (HRS). This flaw allows an attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers, causing web cache poisoning, and conducting XSS attacks.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64	—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src		—

Threats

Impact Moderate

CVE-2022-32215

A vulnerability was found in NodeJS due to the llhttp parser in the HTTP module incorrectly handling multi-line Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling (HRS). This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers, causing web cache poisoning, and conducting XSS attacks.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 34 products

Product	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64	—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src		—

Threats

Impact Moderate

CVE-2022-33987

A flaw was found in the `got` package for node.js. Requested URLs are not verified and allow open redirection to a local UNIX socket.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch		—	Vendor Fix fix
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src		—	Vendor Fix fix

Known not affected 34 products

Product	Identifier	Version	Remediation
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x		—
Unresolved product id: AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64		—

Threats

Impact Moderate

References

62 references

URL	Category
https://access.redhat.com/errata/RHSA-2022:6595	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1907444	external
https://bugzilla.redhat.com/show_bug.cgi?id=1945459	external
https://bugzilla.redhat.com/show_bug.cgi?id=1964461	external
https://bugzilla.redhat.com/show_bug.cgi?id=2007557	external
https://bugzilla.redhat.com/show_bug.cgi?id=2098556	external
https://bugzilla.redhat.com/show_bug.cgi?id=2102001	external
https://bugzilla.redhat.com/show_bug.cgi?id=2105422	external
https://bugzilla.redhat.com/show_bug.cgi?id=2105426	external
https://bugzilla.redhat.com/show_bug.cgi?id=2105428	external
https://bugzilla.redhat.com/show_bug.cgi?id=2105430	external
https://bugzilla.redhat.com/show_bug.cgi?id=2121019	external
https://bugzilla.redhat.com/show_bug.cgi?id=2124299	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-7788	self
https://bugzilla.redhat.com/show_bug.cgi?id=1907444	external
https://www.cve.org/CVERecord?id=CVE-2020-7788	external
https://nvd.nist.gov/vuln/detail/CVE-2020-7788	external
https://access.redhat.com/security/cve/CVE-2020-28469	self
https://bugzilla.redhat.com/show_bug.cgi?id=1945459	external
https://www.cve.org/CVERecord?id=CVE-2020-28469	external
https://nvd.nist.gov/vuln/detail/CVE-2020-28469	external
https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905	external
https://access.redhat.com/security/cve/CVE-2021-3807	self
https://bugzilla.redhat.com/show_bug.cgi?id=2007557	external
https://www.cve.org/CVERecord?id=CVE-2021-3807	external
https://nvd.nist.gov/vuln/detail/CVE-2021-3807	external
https://huntr.dev/bounties/5b3cf33b-ede0-4398-997…	external
https://access.redhat.com/security/cve/CVE-2021-33502	self
https://bugzilla.redhat.com/show_bug.cgi?id=1964461	external
https://www.cve.org/CVERecord?id=CVE-2021-33502	external
https://nvd.nist.gov/vuln/detail/CVE-2021-33502	external
https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539	external
https://access.redhat.com/security/cve/CVE-2022-29244	self
https://bugzilla.redhat.com/show_bug.cgi?id=2098556	external
https://www.cve.org/CVERecord?id=CVE-2022-29244	external
https://nvd.nist.gov/vuln/detail/CVE-2022-29244	external
https://github.com/npm/cli/security/advisories/GH…	external
https://access.redhat.com/security/cve/CVE-2022-32212	self
https://bugzilla.redhat.com/show_bug.cgi?id=2105422	external
https://www.cve.org/CVERecord?id=CVE-2022-32212	external
https://nvd.nist.gov/vuln/detail/CVE-2022-32212	external
https://nodejs.org/en/blog/vulnerability/july-202…	external
https://access.redhat.com/security/cve/CVE-2022-32213	self
https://bugzilla.redhat.com/show_bug.cgi?id=2105430	external
https://www.cve.org/CVERecord?id=CVE-2022-32213	external
https://nvd.nist.gov/vuln/detail/CVE-2022-32213	external
https://access.redhat.com/security/cve/CVE-2022-32214	self
https://bugzilla.redhat.com/show_bug.cgi?id=2105428	external
https://www.cve.org/CVERecord?id=CVE-2022-32214	external
https://nvd.nist.gov/vuln/detail/CVE-2022-32214	external
https://access.redhat.com/security/cve/CVE-2022-32215	self
https://bugzilla.redhat.com/show_bug.cgi?id=2105426	external
https://www.cve.org/CVERecord?id=CVE-2022-32215	external
https://nvd.nist.gov/vuln/detail/CVE-2022-32215	external
https://access.redhat.com/security/cve/CVE-2022-33987	self
https://bugzilla.redhat.com/show_bug.cgi?id=2102001	external
https://www.cve.org/CVERecord?id=CVE-2022-33987	external
https://nvd.nist.gov/vuln/detail/CVE-2022-33987	external
https://github.com/sindresorhus/got/pull/2047	external
https://github.com/sindresorhus/got/releases/tag/…	external

Acknowledgments

Axel Chong

Zeyu Zhang

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (16.16.0), nodejs-nodemon (2.0.19). (BZ#2124230, BZ#2124233)\n\nSecurity Fix(es):\n\n* nodejs-ini: Prototype pollution via malicious INI file (CVE-2020-7788)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* nodejs: npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace (CVE-2022-29244)\n\n* nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212)\n\n* nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding (CVE-2022-32213)\n\n* nodejs: HTTP request smuggling due to improper delimiting of header fields (CVE-2022-32214)\n\n* nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (CVE-2022-32215)\n\n* got: missing verification of requested URLs allows redirects to UNIX sockets (CVE-2022-33987)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* nodejs:16/nodejs: Rebase to the latest Nodejs 16 release [rhel-9] (BZ#2121019)\n\n* nodejs: Specify --with-default-icu-data-dir when using bootstrap build (BZ#2124299)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:6595",
        "url": "https://access.redhat.com/errata/RHSA-2022:6595"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1907444",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907444"
      },
      {
        "category": "external",
        "summary": "1945459",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459"
      },
      {
        "category": "external",
        "summary": "1964461",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964461"
      },
      {
        "category": "external",
        "summary": "2007557",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
      },
      {
        "category": "external",
        "summary": "2098556",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098556"
      },
      {
        "category": "external",
        "summary": "2102001",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102001"
      },
      {
        "category": "external",
        "summary": "2105422",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105422"
      },
      {
        "category": "external",
        "summary": "2105426",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105426"
      },
      {
        "category": "external",
        "summary": "2105428",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105428"
      },
      {
        "category": "external",
        "summary": "2105430",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105430"
      },
      {
        "category": "external",
        "summary": "2121019",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2121019"
      },
      {
        "category": "external",
        "summary": "2124299",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2124299"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_6595.json"
      }
    ],
    "title": "Red Hat Security Advisory: nodejs and nodejs-nodemon security and bug fix update",
    "tracking": {
      "current_release_date": "2026-04-30T16:09:49+00:00",
      "generator": {
        "date": "2026-04-30T16:09:49+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.7"
        }
      },
      "id": "RHSA-2022:6595",
      "initial_release_date": "2022-09-20T12:27:54+00:00",
      "revision_history": [
        {
          "date": "2022-09-20T12:27:54+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-09-20T12:27:54+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-30T16:09:49+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                  "product_id": "AppStream-9.0.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.16.0-1.el9_0.src",
                "product": {
                  "name": "nodejs-1:16.16.0-1.el9_0.src",
                  "product_id": "nodejs-1:16.16.0-1.el9_0.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.16.0-1.el9_0?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.19-1.el9_0.src",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.19-1.el9_0.src",
                  "product_id": "nodejs-nodemon-0:2.0.19-1.el9_0.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.19-1.el9_0?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.16.0-1.el9_0.aarch64",
                "product": {
                  "name": "nodejs-1:16.16.0-1.el9_0.aarch64",
                  "product_id": "nodejs-1:16.16.0-1.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.16.0-1.el9_0?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
                "product": {
                  "name": "nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
                  "product_id": "nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.16.0-1.el9_0?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.16.0-1.el9_0.aarch64",
                "product": {
                  "name": "nodejs-libs-1:16.16.0-1.el9_0.aarch64",
                  "product_id": "nodejs-libs-1:16.16.0-1.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.16.0-1.el9_0?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
                "product": {
                  "name": "npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
                  "product_id": "npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.11.0-1.16.16.0.1.el9_0?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
                "product": {
                  "name": "nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
                  "product_id": "nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.16.0-1.el9_0?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
                "product": {
                  "name": "nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
                  "product_id": "nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.16.0-1.el9_0?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
                  "product_id": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.16.0-1.el9_0?arch=aarch64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.16.0-1.el9_0.ppc64le",
                "product": {
                  "name": "nodejs-1:16.16.0-1.el9_0.ppc64le",
                  "product_id": "nodejs-1:16.16.0-1.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.16.0-1.el9_0?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
                "product": {
                  "name": "nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
                  "product_id": "nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.16.0-1.el9_0?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
                "product": {
                  "name": "nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
                  "product_id": "nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.16.0-1.el9_0?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
                "product": {
                  "name": "npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
                  "product_id": "npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.11.0-1.16.16.0.1.el9_0?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
                "product": {
                  "name": "nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
                  "product_id": "nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.16.0-1.el9_0?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
                "product": {
                  "name": "nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
                  "product_id": "nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.16.0-1.el9_0?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
                  "product_id": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.16.0-1.el9_0?arch=ppc64le\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.16.0-1.el9_0.x86_64",
                "product": {
                  "name": "nodejs-1:16.16.0-1.el9_0.x86_64",
                  "product_id": "nodejs-1:16.16.0-1.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.16.0-1.el9_0?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
                "product": {
                  "name": "nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
                  "product_id": "nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.16.0-1.el9_0?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.16.0-1.el9_0.x86_64",
                "product": {
                  "name": "nodejs-libs-1:16.16.0-1.el9_0.x86_64",
                  "product_id": "nodejs-libs-1:16.16.0-1.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.16.0-1.el9_0?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64",
                "product": {
                  "name": "npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64",
                  "product_id": "npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.11.0-1.16.16.0.1.el9_0?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
                "product": {
                  "name": "nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
                  "product_id": "nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.16.0-1.el9_0?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
                "product": {
                  "name": "nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
                  "product_id": "nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.16.0-1.el9_0?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
                  "product_id": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.16.0-1.el9_0?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.16.0-1.el9_0.i686",
                "product": {
                  "name": "nodejs-libs-1:16.16.0-1.el9_0.i686",
                  "product_id": "nodejs-libs-1:16.16.0-1.el9_0.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.16.0-1.el9_0?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.16.0-1.el9_0.i686",
                "product": {
                  "name": "nodejs-debugsource-1:16.16.0-1.el9_0.i686",
                  "product_id": "nodejs-debugsource-1:16.16.0-1.el9_0.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.16.0-1.el9_0?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
                "product": {
                  "name": "nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
                  "product_id": "nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.16.0-1.el9_0?arch=i686\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
                  "product_id": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.16.0-1.el9_0?arch=i686\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-1:16.16.0-1.el9_0.s390x",
                "product": {
                  "name": "nodejs-1:16.16.0-1.el9_0.s390x",
                  "product_id": "nodejs-1:16.16.0-1.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs@16.16.0-1.el9_0?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
                "product": {
                  "name": "nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
                  "product_id": "nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-full-i18n@16.16.0-1.el9_0?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-1:16.16.0-1.el9_0.s390x",
                "product": {
                  "name": "nodejs-libs-1:16.16.0-1.el9_0.s390x",
                  "product_id": "nodejs-libs-1:16.16.0-1.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs@16.16.0-1.el9_0?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
                "product": {
                  "name": "npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
                  "product_id": "npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/npm@8.11.0-1.16.16.0.1.el9_0?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
                "product": {
                  "name": "nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
                  "product_id": "nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debugsource@16.16.0-1.el9_0?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
                "product": {
                  "name": "nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
                  "product_id": "nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-debuginfo@16.16.0-1.el9_0?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
                "product": {
                  "name": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
                  "product_id": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@16.16.0-1.el9_0?arch=s390x\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs-docs-1:16.16.0-1.el9_0.noarch",
                "product": {
                  "name": "nodejs-docs-1:16.16.0-1.el9_0.noarch",
                  "product_id": "nodejs-docs-1:16.16.0-1.el9_0.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-docs@16.16.0-1.el9_0?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
                "product": {
                  "name": "nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
                  "product_id": "nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.19-1.el9_0?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.16.0-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64"
        },
        "product_reference": "nodejs-1:16.16.0-1.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.16.0-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le"
        },
        "product_reference": "nodejs-1:16.16.0-1.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.16.0-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x"
        },
        "product_reference": "nodejs-1:16.16.0-1.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.16.0-1.el9_0.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src"
        },
        "product_reference": "nodejs-1:16.16.0-1.el9_0.src",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-1:16.16.0-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64"
        },
        "product_reference": "nodejs-1:16.16.0-1.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64"
        },
        "product_reference": "nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.16.0-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686"
        },
        "product_reference": "nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le"
        },
        "product_reference": "nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.16.0-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x"
        },
        "product_reference": "nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64"
        },
        "product_reference": "nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.16.0-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64"
        },
        "product_reference": "nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.16.0-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686"
        },
        "product_reference": "nodejs-debugsource-1:16.16.0-1.el9_0.i686",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le"
        },
        "product_reference": "nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.16.0-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x"
        },
        "product_reference": "nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-debugsource-1:16.16.0-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64"
        },
        "product_reference": "nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-docs-1:16.16.0-1.el9_0.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch"
        },
        "product_reference": "nodejs-docs-1:16.16.0-1.el9_0.noarch",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64"
        },
        "product_reference": "nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le"
        },
        "product_reference": "nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.16.0-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x"
        },
        "product_reference": "nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64"
        },
        "product_reference": "nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.16.0-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64"
        },
        "product_reference": "nodejs-libs-1:16.16.0-1.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.16.0-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686"
        },
        "product_reference": "nodejs-libs-1:16.16.0-1.el9_0.i686",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.16.0-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le"
        },
        "product_reference": "nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.16.0-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x"
        },
        "product_reference": "nodejs-libs-1:16.16.0-1.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-1:16.16.0-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64"
        },
        "product_reference": "nodejs-libs-1:16.16.0-1.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64"
        },
        "product_reference": "nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.19-1.el9_0.noarch as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch"
        },
        "product_reference": "nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs-nodemon-0:2.0.19-1.el9_0.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
        },
        "product_reference": "nodejs-nodemon-0:2.0.19-1.el9_0.src",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64"
        },
        "product_reference": "npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le"
        },
        "product_reference": "npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.11.0-1.16.16.0.1.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x"
        },
        "product_reference": "npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
        },
        "product_reference": "npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64",
        "relates_to_product_reference": "AppStream-9.0.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-7788",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2020-12-11T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1907444"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-ini: Prototype pollution via malicious INI file",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Node.JS packages in Red Hat Enterprise Linux and Red Hat Software Collections included the vulnerable dependency packaged in \"nodejs-npm\" component. Processing malicious files using npm could potentially trigger this vulnerability. The \"ini\" package bundled with npm was not in the library path where it could be included directly in other programs.\n\nThe nodejs-nodemon packages in Red Hat Enterprise Linux and Red Hat Software Collections are affected by this vulnerability as they bundle the nodejs-ini library.  Usage of that library is governed by nodemon itself, so applications started by nodemon are not impacted.  Further, nodemon is a developer tool not intended to be used in production.\n\nThe ini package is included in Red Hat Quay by protractor and webpack-cli, both of which are dev dependencies.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
        ],
        "known_not_affected": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-7788"
        },
        {
          "category": "external",
          "summary": "RHBZ#1907444",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1907444"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7788",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-7788"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7788",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7788"
        }
      ],
      "release_date": "2020-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-20T12:27:54+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6595"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-ini: Prototype pollution via malicious INI file"
    },
    {
      "cve": "CVE-2020-28469",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-04-01T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1945459"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent function. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-glob-parent: Regular expression denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While some components do package a vulnerable version of glob-parent, access to them requires OpenShift OAuth credentials and hence have been marked with a Low impact. This applies to the following products:\n   - OpenShift Container Platform (OCP)\n   - OpenShift ServiceMesh (OSSM)\n   - Red Hat Advanced Cluster Management for Kubernetes (RHACM)\n   - OpenShift distributed tracing",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
        ],
        "known_not_affected": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-28469"
        },
        {
          "category": "external",
          "summary": "RHBZ#1945459",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945459"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28469",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28469"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905",
          "url": "https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905"
        }
      ],
      "release_date": "2021-01-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-20T12:27:54+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6595"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-glob-parent: Regular expression denial of service"
    },
    {
      "cve": "CVE-2021-3807",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-09-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2007557"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw requires crafted invalid ANSI escape codes in order to be exploited and only allows for denial of service of applications on the client side, hence the impact has been rated as Moderate.\n\nIn Red Hat Virtualization and Red Hat Quay some components use a vulnerable version of ansi-regex. However, all frontend code is executed on the client side. As the maximum impact of this vulnerability is denial of service in the client, the vulnerability is rated Moderate for those products.\n\nOpenShift Container Platform 4 (OCP) ships affected version of ansi-regex in the ose-metering-hadoop container, however the metering operator is deprecated since 4.6[1]. This issue is not currently planned to be addressed in future updates and hence hadoop container has been marked as \u0027will not fix\u0027.\n\nAdvanced Cluster Management for Kubernetes (RHACM) ships the affected version of ansi-regex in several containers, however the impact of this vulnerability is deemed low as it would result in an authenticated slowing down their own user interface. \n\n[1] https://docs.openshift.com/container-platform/4.6/metering/metering-about-metering.html",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
        ],
        "known_not_affected": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3807"
        },
        {
          "category": "external",
          "summary": "RHBZ#2007557",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807"
        },
        {
          "category": "external",
          "summary": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994",
          "url": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"
        }
      ],
      "release_date": "2021-09-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-20T12:27:54+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6595"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes"
    },
    {
      "cve": "CVE-2021-33502",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-05-24T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1964461"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in normalize-url. Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-normalize-url: ReDoS for data URLs",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
        ],
        "known_not_affected": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-33502"
        },
        {
          "category": "external",
          "summary": "RHBZ#1964461",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964461"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-33502",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-33502"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33502",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33502"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539",
          "url": "https://snyk.io/vuln/SNYK-JS-NORMALIZEURL-1296539"
        }
      ],
      "release_date": "2021-05-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-20T12:27:54+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6595"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-normalize-url: ReDoS for data URLs"
    },
    {
      "cve": "CVE-2022-29244",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2022-06-20T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2098556"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in npm. This security issue occurs because the npm pack ignores root-level \".gitignore\" and \".npmignore\" file exclusion directives when run in a workspace or with a workspace flag (for example, --workspaces, --workspace=\u003cname\u003e). Anyone who has run \u0027npm pack\u0027 or \u0027npm publish\u0027 inside a workspace has published files into the npm registry they did not intend to include. This flaw exposes sensitive information to an unauthorized user or an attacker.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
        ],
        "known_not_affected": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-29244"
        },
        {
          "category": "external",
          "summary": "RHBZ#2098556",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098556"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-29244",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-29244"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-29244",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29244"
        },
        {
          "category": "external",
          "summary": "https://github.com/npm/cli/security/advisories/GHSA-hj9c-8jmm-8c52",
          "url": "https://github.com/npm/cli/security/advisories/GHSA-hj9c-8jmm-8c52"
        }
      ],
      "release_date": "2022-06-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-20T12:27:54+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6595"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Axel Chong"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2022-32212",
      "cwe": {
        "id": "CWE-703",
        "name": "Improper Check or Handling of Exceptional Conditions"
      },
      "discovery_date": "2022-07-08T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2105422"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in NodeJS, where the IsAllowedHost check can be easily bypassed because IsIPAddress does not properly check if an IP address is invalid or not. When an invalid IPv4 address is provided (for instance, 10.0.2.555 is provided), browsers (such as Firefox) will make DNS requests to the DNS server. This issue provides a vector for an attacker-controlled DNS server or a Man-in-the-middle attack (MITM) who can spoof DNS responses to perform a rebinding attack and then connect to the WebSocket debugger allowing for arbitrary code execution on the target system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: DNS rebinding in --inspect via invalid IP addresses",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is a bypass of CVE-2021-22884.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
        ],
        "known_not_affected": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-32212"
        },
        {
          "category": "external",
          "summary": "RHBZ#2105422",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105422"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32212",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-32212"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32212",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32212"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"
        }
      ],
      "release_date": "2022-07-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-20T12:27:54+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6595"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: DNS rebinding in --inspect via invalid IP addresses"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Zeyu Zhang"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2022-32213",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2022-07-08T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2105430"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling (HRS), causing web cache poisoning, and conducting XSS attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
        ],
        "known_not_affected": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-32213"
        },
        {
          "category": "external",
          "summary": "RHBZ#2105430",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105430"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32213",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"
        }
      ],
      "release_date": "2022-07-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-20T12:27:54+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6595"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Zeyu Zhang"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2022-32214",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2022-07-08T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2105428"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in NodeJS due to the llhttp parser in the http module not strictly using the CRLF sequence to delimit HTTP requests. This issue can lead to HTTP Request Smuggling (HRS). This flaw allows an attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers, causing web cache poisoning, and conducting XSS attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: HTTP request smuggling due to improper delimiting of header fields",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
        ],
        "known_not_affected": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-32214"
        },
        {
          "category": "external",
          "summary": "RHBZ#2105428",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105428"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32214",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-32214"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"
        }
      ],
      "release_date": "2022-07-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-20T12:27:54+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6595"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: HTTP request smuggling due to improper delimiting of header fields"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Zeyu Zhang"
          ],
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2022-32215",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2022-07-08T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2105426"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in NodeJS due to the llhttp parser in the HTTP module incorrectly handling multi-line Transfer-Encoding headers. This issue can lead to HTTP Request Smuggling (HRS). This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers, causing web cache poisoning, and conducting XSS attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
        ],
        "known_not_affected": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-32215"
        },
        {
          "category": "external",
          "summary": "RHBZ#2105426",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105426"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-32215",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215"
        },
        {
          "category": "external",
          "summary": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/",
          "url": "https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/"
        }
      ],
      "release_date": "2022-07-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-20T12:27:54+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6595"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding"
    },
    {
      "cve": "CVE-2022-33987",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2022-06-28T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2102001"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the `got` package for node.js. Requested URLs are not verified and allow open redirection to a local UNIX socket.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "As got is only a transitive dependency of a development dependency of kiali OpenShift Service Mesh as well as being removed in version 2.2+, this flaw will not be fixed at this time for the openshift-istio-kiali-rhel8-container.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
        ],
        "known_not_affected": [
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
          "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-33987"
        },
        {
          "category": "external",
          "summary": "RHBZ#2102001",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2102001"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-33987",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-33987"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-33987",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33987"
        },
        {
          "category": "external",
          "summary": "https://github.com/sindresorhus/got/pull/2047",
          "url": "https://github.com/sindresorhus/got/pull/2047"
        },
        {
          "category": "external",
          "summary": "https://github.com/sindresorhus/got/releases/tag/v11.8.5",
          "url": "https://github.com/sindresorhus/got/releases/tag/v11.8.5"
        }
      ],
      "release_date": "2022-06-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-09-20T12:27:54+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:6595"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-debugsource-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-docs-1:16.16.0-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-full-i18n-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.i686",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-libs-debuginfo-1:16.16.0-1.el9_0.x86_64",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.noarch",
            "AppStream-9.0.0.Z.MAIN.EUS:nodejs-nodemon-0:2.0.19-1.el9_0.src",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.aarch64",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.ppc64le",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.s390x",
            "AppStream-9.0.0.Z.MAIN.EUS:npm-1:8.11.0-1.16.16.0.1.el9_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets"
    }
  ]
}

WID-SEC-W-2022-1354

Vulnerability from csaf_certbund - Published: 2021-05-04 22:00 - Updated: 2025-12-21 23:00

Summary

Red Hat Enterprise Linux: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme: - Linux

CVE-2020-28469

Affected products

Known affected 6 products

Product	Identifier	Version
HCL AppScan Enterprise <10.9.0 HCL / AppScan Enterprise		<10.9.0
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
JFrog Artifactory <7.46.3 JFrog / Artifactory		<7.46.3
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8
HCL BigFix HCL	`cpe:/a:hcltech:bigfix:-`	—

CVE-2021-23358

Affected products

Known affected 6 products

Product	Identifier	Version
HCL AppScan Enterprise <10.9.0 HCL / AppScan Enterprise		<10.9.0
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
JFrog Artifactory <7.46.3 JFrog / Artifactory		<7.46.3
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8
HCL BigFix HCL	`cpe:/a:hcltech:bigfix:-`	—

CVE-2021-28092

Affected products

Known affected 6 products

Product	Identifier	Version
HCL AppScan Enterprise <10.9.0 HCL / AppScan Enterprise		<10.9.0
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
JFrog Artifactory <7.46.3 JFrog / Artifactory		<7.46.3
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8
HCL BigFix HCL	`cpe:/a:hcltech:bigfix:-`	—

CVE-2021-28918

Affected products

Known affected 6 products

Product	Identifier	Version
HCL AppScan Enterprise <10.9.0 HCL / AppScan Enterprise		<10.9.0
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
JFrog Artifactory <7.46.3 JFrog / Artifactory		<7.46.3
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8
HCL BigFix HCL	`cpe:/a:hcltech:bigfix:-`	—

CVE-2021-29418

Affected products

Known affected 6 products

Product	Identifier	Version
HCL AppScan Enterprise <10.9.0 HCL / AppScan Enterprise		<10.9.0
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
JFrog Artifactory <7.46.3 JFrog / Artifactory		<7.46.3
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8
HCL BigFix HCL	`cpe:/a:hcltech:bigfix:-`	—

References

17 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2021:1499	external
https://access.redhat.com/errata/RHSA-2021:2461	external
https://access.redhat.com/errata/RHSA-2021:2865	external
https://support.hcltechsw.com/csm?id=kb_article&s…	external
https://access.redhat.com/errata/RHSA-2021:3016	external
https://access.redhat.com/errata/RHSA-2021:3281	external
https://access.redhat.com/errata/RHSA-2021:3280	external
https://access.redhat.com/errata/RHSA-2021:3759	external
https://access.redhat.com/errata/RHSA-2021:4626	external
https://access.redhat.com/errata/RHSA-2022:0350	external
http://linux.oracle.com/errata/ELSA-2022-0350.html	external
https://access.redhat.com/errata/RHSA-2022:6393	external
https://access.redhat.com/errata/RHSA-2022:6595	external
https://www.jfrog.com/confluence/display/JFROG/Fi…	external
https://support.hcl-software.com/community?id=com…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Informationen offenzulegen, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren oder Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-1354 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-1354.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-1354 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1354"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory: RHSA-2021:1499 vom 2021-05-04",
        "url": "https://access.redhat.com/errata/RHSA-2021:1499"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2461 vom 2021-06-16",
        "url": "https://access.redhat.com/errata/RHSA-2021:2461"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:2865 vom 2021-07-22",
        "url": "https://access.redhat.com/errata/RHSA-2021:2865"
      },
      {
        "category": "external",
        "summary": "HCL Article KB0090800 vom 2021-08-03",
        "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0090800"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3016 vom 2021-08-06",
        "url": "https://access.redhat.com/errata/RHSA-2021:3016"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3281 vom 2021-08-26",
        "url": "https://access.redhat.com/errata/RHSA-2021:3281"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3280 vom 2021-08-26",
        "url": "https://access.redhat.com/errata/RHSA-2021:3280"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:3759 vom 2021-10-18",
        "url": "https://access.redhat.com/errata/RHSA-2021:3759"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:4626 vom 2021-11-16",
        "url": "https://access.redhat.com/errata/RHSA-2021:4626"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:0350 vom 2022-02-02",
        "url": "https://access.redhat.com/errata/RHSA-2022:0350"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2022-0350 vom 2022-02-02",
        "url": "http://linux.oracle.com/errata/ELSA-2022-0350.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6393 vom 2022-09-08",
        "url": "https://access.redhat.com/errata/RHSA-2022:6393"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2022:6595 vom 2022-09-21",
        "url": "https://access.redhat.com/errata/RHSA-2022:6595"
      },
      {
        "category": "external",
        "summary": "JFrog Fixed Security Vulnerabilities",
        "url": "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities"
      },
      {
        "category": "external",
        "summary": "HCL Security Bulletin vom 2025-12-21",
        "url": "https://support.hcl-software.com/community?id=community_blog\u0026sys_id=ad96310c330eb690159a05273e5c7b0c"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Enterprise Linux: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-12-21T23:00:00.000+00:00",
      "generator": {
        "date": "2025-12-22T09:09:59.068+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2022-1354",
      "initial_release_date": "2021-05-04T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2021-05-04T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2021-06-16T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-07-22T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-08-02T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von HCL aufgenommen"
        },
        {
          "date": "2021-08-05T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-08-15T22:00:00.000+00:00",
          "number": "6",
          "summary": "Referenz(en) aufgenommen: FEDORA-2021-F278299902, FEDORA-2021-E49F936D9F"
        },
        {
          "date": "2021-08-26T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-10-18T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-11-16T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-02-01T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-02-02T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2022-09-08T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-09-20T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2022-10-03T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2025-12-21T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von HCL aufgenommen"
        }
      ],
      "status": "final",
      "version": "15"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.9.0",
                "product": {
                  "name": "HCL AppScan Enterprise \u003c10.9.0",
                  "product_id": "T049616"
                }
              },
              {
                "category": "product_version",
                "name": "10.9.0",
                "product": {
                  "name": "HCL AppScan Enterprise 10.9.0",
                  "product_id": "T049616-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltech:appscan_enterprise:10.9.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "AppScan Enterprise"
          },
          {
            "category": "product_name",
            "name": "HCL BigFix",
            "product": {
              "name": "HCL BigFix",
              "product_id": "T017494",
              "product_identification_helper": {
                "cpe": "cpe:/a:hcltech:bigfix:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HCL"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.46.3",
                "product": {
                  "name": "JFrog Artifactory \u003c7.46.3",
                  "product_id": "T024764"
                }
              },
              {
                "category": "product_version",
                "name": "7.46.3",
                "product": {
                  "name": "JFrog Artifactory 7.46.3",
                  "product_id": "T024764-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:jfrog:artifactory:7.46.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Artifactory"
          }
        ],
        "category": "vendor",
        "name": "JFrog"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8",
                "product": {
                  "name": "Red Hat Enterprise Linux 8",
                  "product_id": "T014111",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:8"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-28469",
      "product_status": {
        "known_affected": [
          "T049616",
          "67646",
          "T024764",
          "T004914",
          "T014111",
          "T017494"
        ]
      },
      "release_date": "2021-05-04T22:00:00.000+00:00",
      "title": "CVE-2020-28469"
    },
    {
      "cve": "CVE-2021-23358",
      "product_status": {
        "known_affected": [
          "T049616",
          "67646",
          "T024764",
          "T004914",
          "T014111",
          "T017494"
        ]
      },
      "release_date": "2021-05-04T22:00:00.000+00:00",
      "title": "CVE-2021-23358"
    },
    {
      "cve": "CVE-2021-28092",
      "product_status": {
        "known_affected": [
          "T049616",
          "67646",
          "T024764",
          "T004914",
          "T014111",
          "T017494"
        ]
      },
      "release_date": "2021-05-04T22:00:00.000+00:00",
      "title": "CVE-2021-28092"
    },
    {
      "cve": "CVE-2021-28918",
      "product_status": {
        "known_affected": [
          "T049616",
          "67646",
          "T024764",
          "T004914",
          "T014111",
          "T017494"
        ]
      },
      "release_date": "2021-05-04T22:00:00.000+00:00",
      "title": "CVE-2021-28918"
    },
    {
      "cve": "CVE-2021-29418",
      "product_status": {
        "known_affected": [
          "T049616",
          "67646",
          "T024764",
          "T004914",
          "T014111",
          "T017494"
        ]
      },
      "release_date": "2021-05-04T22:00:00.000+00:00",
      "title": "CVE-2021-29418"
    }
  ]
}

WID-SEC-W-2023-0856

Vulnerability from csaf_certbund - Published: 2022-05-31 22:00 - Updated: 2023-04-04 22:00

Summary

IBM QRadar SIEM: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux

CVE-2020-11655

In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitslücken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

CVE-2020-11656

CVE-2020-13434

CVE-2020-13435

CVE-2020-13630

CVE-2020-13631

CVE-2020-13632

CVE-2020-15168

CVE-2020-15358

CVE-2020-28469

CVE-2020-7788

CVE-2020-9327

CVE-2021-22918

CVE-2021-22930

CVE-2021-22931

CVE-2021-22939

CVE-2021-22940

CVE-2021-23343

CVE-2021-23362

CVE-2021-27290

CVE-2021-32803

CVE-2021-32804

CVE-2021-33502

CVE-2021-3672

CVE-2021-37701

CVE-2021-37712

CVE-2021-37713

CVE-2021-3807

CVE-2021-3918

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/6980799	external
https://www.ibm.com/support/pages/node/6590981	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0856 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-0856.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0856 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0856"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6980799 vom 2023-04-04",
        "url": "https://www.ibm.com/support/pages/node/6980799"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2022-05-31",
        "url": "https://www.ibm.com/support/pages/node/6590981"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM QRadar SIEM: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-04-04T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:48:07.215+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0856",
      "initial_release_date": "2022-05-31T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-05-31T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-04-04T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM QRadar SIEM \u003c 3.0.1",
            "product": {
              "name": "IBM QRadar SIEM \u003c 3.0.1",
              "product_id": "T023376",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:qradar_siem:3.0.1"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-11655",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2020-11655"
    },
    {
      "cve": "CVE-2020-11656",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2020-11656"
    },
    {
      "cve": "CVE-2020-13434",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2020-13434"
    },
    {
      "cve": "CVE-2020-13435",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2020-13435"
    },
    {
      "cve": "CVE-2020-13630",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2020-13630"
    },
    {
      "cve": "CVE-2020-13631",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2020-13631"
    },
    {
      "cve": "CVE-2020-13632",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2020-13632"
    },
    {
      "cve": "CVE-2020-15168",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2020-15168"
    },
    {
      "cve": "CVE-2020-15358",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2020-15358"
    },
    {
      "cve": "CVE-2020-28469",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2020-28469"
    },
    {
      "cve": "CVE-2020-7788",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2020-7788"
    },
    {
      "cve": "CVE-2020-9327",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2020-9327"
    },
    {
      "cve": "CVE-2021-22918",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2021-22918"
    },
    {
      "cve": "CVE-2021-22930",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2021-22930"
    },
    {
      "cve": "CVE-2021-22931",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2021-22931"
    },
    {
      "cve": "CVE-2021-22939",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2021-22939"
    },
    {
      "cve": "CVE-2021-22940",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2021-22940"
    },
    {
      "cve": "CVE-2021-23343",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2021-23343"
    },
    {
      "cve": "CVE-2021-23362",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2021-23362"
    },
    {
      "cve": "CVE-2021-27290",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2021-27290"
    },
    {
      "cve": "CVE-2021-32803",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2021-32803"
    },
    {
      "cve": "CVE-2021-32804",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2021-32804"
    },
    {
      "cve": "CVE-2021-33502",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2021-33502"
    },
    {
      "cve": "CVE-2021-3672",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2021-3672"
    },
    {
      "cve": "CVE-2021-37701",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2021-37701"
    },
    {
      "cve": "CVE-2021-37712",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2021-37712"
    },
    {
      "cve": "CVE-2021-37713",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2021-37713"
    },
    {
      "cve": "CVE-2021-3807",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2021-3807"
    },
    {
      "cve": "CVE-2021-3918",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen im Zusammenhang mit bekannten Sicherheitsl\u00fccken in den Komponenten Node.js und SQLite. Ein Angreifer kann diese Schwachstellen ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden."
        }
      ],
      "release_date": "2022-05-31T22:00:00.000+00:00",
      "title": "CVE-2021-3918"
    }
  ]
}

WID-SEC-W-2023-0857

Vulnerability from csaf_certbund - Published: 2022-05-24 22:00 - Updated: 2023-04-04 22:00

Summary

IBM QRadar SIEM: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: IBM QRadar Security Information and Event Management (SIEM) bietet Unterstützung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.

Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Programmcode auszuführen, einen Denial of Service Zustand herbeizuführen, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme: - Linux

CVE-2020-15168

In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten "Node.js", "node-sass" sowie "UAParser.js". Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, einen Denial of Service Zustand herbeizuführen, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—

CVE-2020-24025

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—

CVE-2020-28469

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—

CVE-2020-28498

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—

CVE-2020-28500

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—

CVE-2020-7793

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—

CVE-2021-23337

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—

CVE-2021-27292

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—

CVE-2021-29060

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—

CVE-2021-32803

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—

CVE-2021-32804

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—

CVE-2021-33502

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—

CVE-2021-33623

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—

CVE-2021-37701

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—

CVE-2021-37712

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—

CVE-2021-37713

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—

CVE-2021-3807

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM QRadar SIEM IBM	`cpe:/a:ibm:qradar_siem:-`	—

References

5 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/6980799	external
https://www.ibm.com/support/pages/node/6589583	external
https://www.ibm.com/support/pages/node/6589581	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM QRadar Security Information and Event Management (SIEM) bietet Unterst\u00fctzung bei der Erkennung und Priorisierung von Sicherheitsbedrohungen im Unternehmen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in IBM QRadar SIEM ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0857 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2023-0857.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0857 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0857"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 6980799 vom 2023-04-04",
        "url": "https://www.ibm.com/support/pages/node/6980799"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 6589583 vom 2022-05-24",
        "url": "https://www.ibm.com/support/pages/node/6589583"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin: 6589583 vom 2022-05-24",
        "url": "https://www.ibm.com/support/pages/node/6589581"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM QRadar SIEM: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-04-04T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:48:07.460+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0857",
      "initial_release_date": "2022-05-24T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-05-24T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-04-04T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM QRadar SIEM",
            "product": {
              "name": "IBM QRadar SIEM",
              "product_id": "T021415",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:qradar_siem:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-15168",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Node.js\", \"node-sass\" sowie \"UAParser.js\". Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T021415"
        ]
      },
      "release_date": "2022-05-24T22:00:00.000+00:00",
      "title": "CVE-2020-15168"
    },
    {
      "cve": "CVE-2020-24025",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Node.js\", \"node-sass\" sowie \"UAParser.js\". Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T021415"
        ]
      },
      "release_date": "2022-05-24T22:00:00.000+00:00",
      "title": "CVE-2020-24025"
    },
    {
      "cve": "CVE-2020-28469",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Node.js\", \"node-sass\" sowie \"UAParser.js\". Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T021415"
        ]
      },
      "release_date": "2022-05-24T22:00:00.000+00:00",
      "title": "CVE-2020-28469"
    },
    {
      "cve": "CVE-2020-28498",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Node.js\", \"node-sass\" sowie \"UAParser.js\". Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T021415"
        ]
      },
      "release_date": "2022-05-24T22:00:00.000+00:00",
      "title": "CVE-2020-28498"
    },
    {
      "cve": "CVE-2020-28500",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Node.js\", \"node-sass\" sowie \"UAParser.js\". Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T021415"
        ]
      },
      "release_date": "2022-05-24T22:00:00.000+00:00",
      "title": "CVE-2020-28500"
    },
    {
      "cve": "CVE-2020-7793",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Node.js\", \"node-sass\" sowie \"UAParser.js\". Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T021415"
        ]
      },
      "release_date": "2022-05-24T22:00:00.000+00:00",
      "title": "CVE-2020-7793"
    },
    {
      "cve": "CVE-2021-23337",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Node.js\", \"node-sass\" sowie \"UAParser.js\". Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T021415"
        ]
      },
      "release_date": "2022-05-24T22:00:00.000+00:00",
      "title": "CVE-2021-23337"
    },
    {
      "cve": "CVE-2021-27292",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Node.js\", \"node-sass\" sowie \"UAParser.js\". Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T021415"
        ]
      },
      "release_date": "2022-05-24T22:00:00.000+00:00",
      "title": "CVE-2021-27292"
    },
    {
      "cve": "CVE-2021-29060",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Node.js\", \"node-sass\" sowie \"UAParser.js\". Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T021415"
        ]
      },
      "release_date": "2022-05-24T22:00:00.000+00:00",
      "title": "CVE-2021-29060"
    },
    {
      "cve": "CVE-2021-32803",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Node.js\", \"node-sass\" sowie \"UAParser.js\". Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T021415"
        ]
      },
      "release_date": "2022-05-24T22:00:00.000+00:00",
      "title": "CVE-2021-32803"
    },
    {
      "cve": "CVE-2021-32804",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Node.js\", \"node-sass\" sowie \"UAParser.js\". Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T021415"
        ]
      },
      "release_date": "2022-05-24T22:00:00.000+00:00",
      "title": "CVE-2021-32804"
    },
    {
      "cve": "CVE-2021-33502",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Node.js\", \"node-sass\" sowie \"UAParser.js\". Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T021415"
        ]
      },
      "release_date": "2022-05-24T22:00:00.000+00:00",
      "title": "CVE-2021-33502"
    },
    {
      "cve": "CVE-2021-33623",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Node.js\", \"node-sass\" sowie \"UAParser.js\". Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T021415"
        ]
      },
      "release_date": "2022-05-24T22:00:00.000+00:00",
      "title": "CVE-2021-33623"
    },
    {
      "cve": "CVE-2021-37701",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Node.js\", \"node-sass\" sowie \"UAParser.js\". Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T021415"
        ]
      },
      "release_date": "2022-05-24T22:00:00.000+00:00",
      "title": "CVE-2021-37701"
    },
    {
      "cve": "CVE-2021-37712",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Node.js\", \"node-sass\" sowie \"UAParser.js\". Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T021415"
        ]
      },
      "release_date": "2022-05-24T22:00:00.000+00:00",
      "title": "CVE-2021-37712"
    },
    {
      "cve": "CVE-2021-37713",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Node.js\", \"node-sass\" sowie \"UAParser.js\". Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T021415"
        ]
      },
      "release_date": "2022-05-24T22:00:00.000+00:00",
      "title": "CVE-2021-37713"
    },
    {
      "cve": "CVE-2021-3807",
      "notes": [
        {
          "category": "description",
          "text": "In IBM QRadar SIEM existieren mehrere Schwachstellen. Die Schwachstellen bestehen in den Komponenten \"Node.js\", \"node-sass\" sowie \"UAParser.js\". Ein entfernter, anonymer oder lokaler Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien manipulieren oder Sicherheitsvorkehrungen zu umgehen. Zur erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T021415"
        ]
      },
      "release_date": "2022-05-24T22:00:00.000+00:00",
      "title": "CVE-2021-3807"
    }
  ]
}

WID-SEC-W-2023-1350

Vulnerability from csaf_certbund - Published: 2023-06-01 22:00 - Updated: 2025-11-18 23:00

Summary

Splunk Splunk Enterprise: Mehrere Schwachstellen in Komponenten von Drittanbietern

Severity

Mittel

Notes

Produktbeschreibung: Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise in diversen Komponenten von Drittanbietern ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2017-16042

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2018-25032

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2019-10744

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2019-10746

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2019-20149

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-13822

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-15138

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-28469

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-7662

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-7753

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-7774

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8116

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8169

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8177

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8203

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8231

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8284

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8285

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8286

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-20095

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22876

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22890

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22897

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22898

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22901

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22922

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22923

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22924

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22925

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22926

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22945

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22946

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22947

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-23343

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-23368

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-23382

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-27292

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-29060

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-31566

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33502

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33503

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33587

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-3520

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-36976

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-3803

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-43565

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-1705

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-1962

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-22576

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23491

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23772

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23773

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23806

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-24675

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-24921

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-24999

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-25858

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27191

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27664

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27774

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27775

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27776

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27778

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27779

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27780

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27781

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27782

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-28131

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-28327

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-2879

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-2880

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-29526

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-29804

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30115

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30580

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30629

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30630

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30631

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30632

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30633

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30634

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30635

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-31129

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32148

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32189

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32205

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32206

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32207

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32208

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32221

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-33987

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-3517

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-35252

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-35260

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-35737

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-36227

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37434

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37599

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37601

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37603

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37616

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-38900

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-40023

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-40303

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-40304

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41715

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41716

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41720

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-4200

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42004

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42915

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42916

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-4304

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-43551

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-43552

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-43680

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-46175

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-0215

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-0286

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-1370

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-23914

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-23915

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-23916

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27533

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27534

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27535

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27536

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27537

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27538

Affected products

Known affected 9 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.5 Splunk / Splunk Enterprise		<9.0.5
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <8.1.14 Splunk / Splunk Enterprise		<8.1.14
Splunk Splunk Enterprise <8.2.11 Splunk / Splunk Enterprise		<8.2.11
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

References

8 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://advisory.splunk.com/advisories/SVD-2023-0613	external
https://www.ibm.com/support/pages/node/7008449	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://confluence.atlassian.com/security/securit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise in diversen Komponenten von Drittanbietern ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1350 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1350.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1350 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1350"
      },
      {
        "category": "external",
        "summary": "Splunk Enterprise Security Advisory SVD-2023-0613 vom 2023-06-01",
        "url": "https://advisory.splunk.com/advisories/SVD-2023-0613"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7008449 vom 2023-06-29",
        "url": "https://www.ibm.com/support/pages/node/7008449"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0487-1 vom 2024-02-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017931.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0486-1 vom 2024-02-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017932.html"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin - November 18 2025",
        "url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Splunk Splunk Enterprise: Mehrere Schwachstellen in Komponenten von Drittanbietern",
    "tracking": {
      "current_release_date": "2025-11-18T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-19T09:42:52.592+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2023-1350",
      "initial_release_date": "2023-06-01T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-06-01T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-06-29T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-01-23T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-02-15T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-11-18T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.1.1",
                "product": {
                  "name": "Atlassian Confluence \u003c10.1.1",
                  "product_id": "T048680"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.1",
                "product": {
                  "name": "Atlassian Confluence 10.1.1",
                  "product_id": "T048680-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:10.1.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.0.2",
                "product": {
                  "name": "Atlassian Confluence \u003c10.0.2",
                  "product_id": "T048685"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.2",
                "product": {
                  "name": "Atlassian Confluence 10.0.2",
                  "product_id": "T048685-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:10.0.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.7",
                "product": {
                  "name": "Atlassian Confluence \u003c9.2.7",
                  "product_id": "T048686"
                }
              },
              {
                "category": "product_version",
                "name": "9.2.7",
                "product": {
                  "name": "Atlassian Confluence 9.2.7",
                  "product_id": "T048686-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:9.2.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.5.25",
                "product": {
                  "name": "Atlassian Confluence \u003c8.5.25",
                  "product_id": "T048687"
                }
              },
              {
                "category": "product_version",
                "name": "8.5.25",
                "product": {
                  "name": "Atlassian Confluence 8.5.25",
                  "product_id": "T048687-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.5.25"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM DB2",
            "product": {
              "name": "IBM DB2",
              "product_id": "5104",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:db2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.1.14",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c8.1.14",
                  "product_id": "T027935"
                }
              },
              {
                "category": "product_version",
                "name": "8.1.14",
                "product": {
                  "name": "Splunk Splunk Enterprise 8.1.14",
                  "product_id": "T027935-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:8.1.14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.2.11",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c8.2.11",
                  "product_id": "T027936"
                }
              },
              {
                "category": "product_version",
                "name": "8.2.11",
                "product": {
                  "name": "Splunk Splunk Enterprise 8.2.11",
                  "product_id": "T027936-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:8.2.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.0.5",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.0.5",
                  "product_id": "T027937"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.5",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.0.5",
                  "product_id": "T027937-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.0.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Splunk Enterprise"
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-16042",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2017-16042"
    },
    {
      "cve": "CVE-2018-25032",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2018-25032"
    },
    {
      "cve": "CVE-2019-10744",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2019-10744"
    },
    {
      "cve": "CVE-2019-10746",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2019-10746"
    },
    {
      "cve": "CVE-2019-20149",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2019-20149"
    },
    {
      "cve": "CVE-2020-13822",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-13822"
    },
    {
      "cve": "CVE-2020-15138",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-15138"
    },
    {
      "cve": "CVE-2020-28469",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-28469"
    },
    {
      "cve": "CVE-2020-7662",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-7662"
    },
    {
      "cve": "CVE-2020-7753",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-7753"
    },
    {
      "cve": "CVE-2020-7774",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-7774"
    },
    {
      "cve": "CVE-2020-8116",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8116"
    },
    {
      "cve": "CVE-2020-8169",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8169"
    },
    {
      "cve": "CVE-2020-8177",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8177"
    },
    {
      "cve": "CVE-2020-8203",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8203"
    },
    {
      "cve": "CVE-2020-8231",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8231"
    },
    {
      "cve": "CVE-2020-8284",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8284"
    },
    {
      "cve": "CVE-2020-8285",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8285"
    },
    {
      "cve": "CVE-2020-8286",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2020-8286"
    },
    {
      "cve": "CVE-2021-20095",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-20095"
    },
    {
      "cve": "CVE-2021-22876",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22876"
    },
    {
      "cve": "CVE-2021-22890",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22890"
    },
    {
      "cve": "CVE-2021-22897",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22897"
    },
    {
      "cve": "CVE-2021-22898",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22898"
    },
    {
      "cve": "CVE-2021-22901",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22901"
    },
    {
      "cve": "CVE-2021-22922",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22922"
    },
    {
      "cve": "CVE-2021-22923",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22923"
    },
    {
      "cve": "CVE-2021-22924",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22924"
    },
    {
      "cve": "CVE-2021-22925",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22925"
    },
    {
      "cve": "CVE-2021-22926",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22926"
    },
    {
      "cve": "CVE-2021-22945",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22945"
    },
    {
      "cve": "CVE-2021-22946",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22946"
    },
    {
      "cve": "CVE-2021-22947",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-22947"
    },
    {
      "cve": "CVE-2021-23343",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-23343"
    },
    {
      "cve": "CVE-2021-23368",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-23368"
    },
    {
      "cve": "CVE-2021-23382",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-23382"
    },
    {
      "cve": "CVE-2021-27292",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-27292"
    },
    {
      "cve": "CVE-2021-29060",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-29060"
    },
    {
      "cve": "CVE-2021-31566",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-31566"
    },
    {
      "cve": "CVE-2021-33502",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-33502"
    },
    {
      "cve": "CVE-2021-33503",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-33503"
    },
    {
      "cve": "CVE-2021-33587",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-33587"
    },
    {
      "cve": "CVE-2021-3520",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-3520"
    },
    {
      "cve": "CVE-2021-36976",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-36976"
    },
    {
      "cve": "CVE-2021-3803",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-3803"
    },
    {
      "cve": "CVE-2021-43565",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2021-43565"
    },
    {
      "cve": "CVE-2022-1705",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-1705"
    },
    {
      "cve": "CVE-2022-1962",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-1962"
    },
    {
      "cve": "CVE-2022-22576",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-22576"
    },
    {
      "cve": "CVE-2022-23491",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-23491"
    },
    {
      "cve": "CVE-2022-23772",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-23772"
    },
    {
      "cve": "CVE-2022-23773",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-23773"
    },
    {
      "cve": "CVE-2022-23806",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-23806"
    },
    {
      "cve": "CVE-2022-24675",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-24675"
    },
    {
      "cve": "CVE-2022-24921",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-24921"
    },
    {
      "cve": "CVE-2022-24999",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-24999"
    },
    {
      "cve": "CVE-2022-25858",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-25858"
    },
    {
      "cve": "CVE-2022-27191",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27191"
    },
    {
      "cve": "CVE-2022-27664",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27664"
    },
    {
      "cve": "CVE-2022-27774",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27774"
    },
    {
      "cve": "CVE-2022-27775",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27775"
    },
    {
      "cve": "CVE-2022-27776",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27776"
    },
    {
      "cve": "CVE-2022-27778",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27778"
    },
    {
      "cve": "CVE-2022-27779",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27779"
    },
    {
      "cve": "CVE-2022-27780",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27780"
    },
    {
      "cve": "CVE-2022-27781",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27781"
    },
    {
      "cve": "CVE-2022-27782",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-27782"
    },
    {
      "cve": "CVE-2022-28131",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-28131"
    },
    {
      "cve": "CVE-2022-28327",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-28327"
    },
    {
      "cve": "CVE-2022-2879",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-2879"
    },
    {
      "cve": "CVE-2022-2880",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-2880"
    },
    {
      "cve": "CVE-2022-29526",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-29526"
    },
    {
      "cve": "CVE-2022-29804",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-29804"
    },
    {
      "cve": "CVE-2022-30115",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30115"
    },
    {
      "cve": "CVE-2022-30580",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30580"
    },
    {
      "cve": "CVE-2022-30629",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30629"
    },
    {
      "cve": "CVE-2022-30630",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30630"
    },
    {
      "cve": "CVE-2022-30631",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30631"
    },
    {
      "cve": "CVE-2022-30632",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30632"
    },
    {
      "cve": "CVE-2022-30633",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30633"
    },
    {
      "cve": "CVE-2022-30634",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30634"
    },
    {
      "cve": "CVE-2022-30635",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-30635"
    },
    {
      "cve": "CVE-2022-31129",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-31129"
    },
    {
      "cve": "CVE-2022-32148",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32148"
    },
    {
      "cve": "CVE-2022-32189",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32189"
    },
    {
      "cve": "CVE-2022-32205",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32205"
    },
    {
      "cve": "CVE-2022-32206",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32206"
    },
    {
      "cve": "CVE-2022-32207",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32207"
    },
    {
      "cve": "CVE-2022-32208",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32208"
    },
    {
      "cve": "CVE-2022-32221",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-32221"
    },
    {
      "cve": "CVE-2022-33987",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-33987"
    },
    {
      "cve": "CVE-2022-3517",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-3517"
    },
    {
      "cve": "CVE-2022-35252",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-35252"
    },
    {
      "cve": "CVE-2022-35260",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-35260"
    },
    {
      "cve": "CVE-2022-35737",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-35737"
    },
    {
      "cve": "CVE-2022-36227",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-36227"
    },
    {
      "cve": "CVE-2022-37434",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37434"
    },
    {
      "cve": "CVE-2022-37599",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37599"
    },
    {
      "cve": "CVE-2022-37601",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37601"
    },
    {
      "cve": "CVE-2022-37603",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37603"
    },
    {
      "cve": "CVE-2022-37616",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-37616"
    },
    {
      "cve": "CVE-2022-38900",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-38900"
    },
    {
      "cve": "CVE-2022-40023",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-40023"
    },
    {
      "cve": "CVE-2022-40303",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-40303"
    },
    {
      "cve": "CVE-2022-40304",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-40304"
    },
    {
      "cve": "CVE-2022-41715",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-41715"
    },
    {
      "cve": "CVE-2022-41716",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-41716"
    },
    {
      "cve": "CVE-2022-41720",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-41720"
    },
    {
      "cve": "CVE-2022-4200",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-4200"
    },
    {
      "cve": "CVE-2022-42004",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-42004"
    },
    {
      "cve": "CVE-2022-42915",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-42915"
    },
    {
      "cve": "CVE-2022-42916",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-42916"
    },
    {
      "cve": "CVE-2022-4304",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-4304"
    },
    {
      "cve": "CVE-2022-43551",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-43551"
    },
    {
      "cve": "CVE-2022-43552",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-43552"
    },
    {
      "cve": "CVE-2022-43680",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-43680"
    },
    {
      "cve": "CVE-2022-46175",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2022-46175"
    },
    {
      "cve": "CVE-2023-0215",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-0215"
    },
    {
      "cve": "CVE-2023-0286",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-0286"
    },
    {
      "cve": "CVE-2023-1370",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-1370"
    },
    {
      "cve": "CVE-2023-23914",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-23914"
    },
    {
      "cve": "CVE-2023-23915",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-23915"
    },
    {
      "cve": "CVE-2023-23916",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-23916"
    },
    {
      "cve": "CVE-2023-27533",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27533"
    },
    {
      "cve": "CVE-2023-27534",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27534"
    },
    {
      "cve": "CVE-2023-27535",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27535"
    },
    {
      "cve": "CVE-2023-27536",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27536"
    },
    {
      "cve": "CVE-2023-27537",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27537"
    },
    {
      "cve": "CVE-2023-27538",
      "product_status": {
        "known_affected": [
          "T027937",
          "T002207",
          "T027935",
          "T027936",
          "T048680",
          "5104",
          "T048685",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-06-01T22:00:00.000+00:00",
      "title": "CVE-2023-27538"
    }
  ]
}

WID-SEC-W-2023-2229

Vulnerability from csaf_certbund - Published: 2023-08-30 22:00 - Updated: 2025-11-18 23:00

Summary

Splunk Splunk Enterprise: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.

Angriff: Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.

Betroffene Betriebssysteme: - Linux - MacOS X - Windows

CVE-2013-7489

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2018-10237

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2018-20225

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2019-20454

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2019-20838

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-14155

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-28469

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-28851

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-29652

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8169

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8177

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8231

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8284

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8285

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8286

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2020-8908

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-20066

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22569

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22876

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22890

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22897

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22898

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22901

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22922

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22923

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22924

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22925

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22926

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22945

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22946

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-22947

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-23343

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-23382

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-27918

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-27919

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-29060

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-29425

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-29923

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-31525

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-31566

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33194

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33195

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33196

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33197

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-33198

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-34558

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-3520

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-3572

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-36221

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-36976

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-3803

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-38297

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-38561

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-39293

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-41182

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-41183

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-41184

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-41771

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-41772

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-43565

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-44716

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2021-44717

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-1705

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-1941

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-1962

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-22576

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-2309

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23491

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23772

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23773

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-23806

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-24675

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-24921

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-24999

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-25881

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27191

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27536

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27664

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27774

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27775

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27776

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27778

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27779

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27780

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27781

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-27782

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-28131

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-28327

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-2879

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-2880

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-29526

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-29804

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30115

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30580

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30629

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30630

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30631

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30632

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30633

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30634

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-30635

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-31129

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-3171

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32148

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32149

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32189

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32205

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32206

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32207

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32208

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-32221

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-33987

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-3509

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-3510

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-3517

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-35252

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-35260

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-35737

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-36227

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37599

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37601

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-37603

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-38900

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-40023

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-40897

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-40899

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41715

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41716

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41720

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-41722

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42003

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42004

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42915

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-42916

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-43551

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-43552

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2022-46175

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-23914

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-23915

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-23916

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-24539

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-24540

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27533

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27534

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27535

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27536

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27537

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-27538

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-29400

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-29402

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-29403

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-29404

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-29405

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40592

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40593

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40594

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40595

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40596

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40597

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

CVE-2023-40598

Affected products

Known affected 13 products

Product	Identifier	Version
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Atlassian Confluence <10.1.1 Atlassian / Confluence		<10.1.1
Splunk Splunk Enterprise Splunk / Splunk Enterprise	`cpe:/a:splunk:splunk:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Atlassian Confluence <10.0.2 Atlassian / Confluence		<10.0.2
Splunk Splunk Enterprise <8.2.12 Splunk / Splunk Enterprise		<8.2.12
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1
Splunk Splunk Enterprise <9.0.6 Splunk / Splunk Enterprise		<9.0.6
Splunk Splunk Enterprise <9.1.1 Splunk / Splunk Enterprise		<9.1.1
Atlassian Confluence <8.5.25 Atlassian / Confluence		<8.5.25
Atlassian Confluence <9.2.7 Atlassian / Confluence		<9.2.7

References

16 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://advisory.splunk.com//advisories/SVD-2023-0801	external
https://advisory.splunk.com//advisories/SVD-2023-0802	external
https://advisory.splunk.com//advisories/SVD-2023-0803	external
https://advisory.splunk.com//advisories/SVD-2023-0804	external
https://advisory.splunk.com//advisories/SVD-2023-0805	external
https://advisory.splunk.com//advisories/SVD-2023-0806	external
https://advisory.splunk.com//advisories/SVD-2023-0807	external
https://advisory.splunk.com//advisories/SVD-2023-0808	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://linux.oracle.com/errata/ELSA-2024-2988.html	external
https://advisory.splunk.com/advisories/SVD-2024-0718	external
https://advisory.splunk.com//advisories/SVD-2024-0801	external
https://lists.opensuse.org/archives/list/security…	external
https://confluence.atlassian.com/security/securit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- MacOS X\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2229 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2229.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2229 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2229"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0801"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0802"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0803"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0804"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0805"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0806"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0807"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory vom 2023-08-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2023-0808"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-2988 vom 2024-05-28",
        "url": "https://linux.oracle.com/errata/ELSA-2024-2988.html"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0718 vom 2024-07-02",
        "url": "https://advisory.splunk.com/advisories/SVD-2024-0718"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0801 vom 2024-08-12",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0801"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:03545-1 vom 2025-10-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UB7MGNRMXC5LO5Y66FLOE354VVU5ULQK/"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin - November 18 2025",
        "url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Splunk Splunk Enterprise: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-11-18T23:00:00.000+00:00",
      "generator": {
        "date": "2025-11-19T09:42:41.445+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2023-2229",
      "initial_release_date": "2023-08-30T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-08-30T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-01-23T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-28T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-07-01T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Splunk-SVD aufgenommen"
        },
        {
          "date": "2024-08-12T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Splunk-SVD aufgenommen"
        },
        {
          "date": "2025-10-12T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2025-11-18T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates aufgenommen"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c10.1.1",
                "product": {
                  "name": "Atlassian Confluence \u003c10.1.1",
                  "product_id": "T048680"
                }
              },
              {
                "category": "product_version",
                "name": "10.1.1",
                "product": {
                  "name": "Atlassian Confluence 10.1.1",
                  "product_id": "T048680-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:10.1.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c10.0.2",
                "product": {
                  "name": "Atlassian Confluence \u003c10.0.2",
                  "product_id": "T048685"
                }
              },
              {
                "category": "product_version",
                "name": "10.0.2",
                "product": {
                  "name": "Atlassian Confluence 10.0.2",
                  "product_id": "T048685-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:10.0.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.7",
                "product": {
                  "name": "Atlassian Confluence \u003c9.2.7",
                  "product_id": "T048686"
                }
              },
              {
                "category": "product_version",
                "name": "9.2.7",
                "product": {
                  "name": "Atlassian Confluence 9.2.7",
                  "product_id": "T048686-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:9.2.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.5.25",
                "product": {
                  "name": "Atlassian Confluence \u003c8.5.25",
                  "product_id": "T048687"
                }
              },
              {
                "category": "product_version",
                "name": "8.5.25",
                "product": {
                  "name": "Atlassian Confluence 8.5.25",
                  "product_id": "T048687-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:8.5.25"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Splunk Splunk Enterprise",
                "product": {
                  "name": "Splunk Splunk Enterprise",
                  "product_id": "T008911",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:-"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.1.1",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.1.1",
                  "product_id": "T029634"
                }
              },
              {
                "category": "product_version",
                "name": "9.1.1",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.1.1",
                  "product_id": "T029634-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.1.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.0.6",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.0.6",
                  "product_id": "T029635"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.6",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.0.6",
                  "product_id": "T029635-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.0.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c8.2.12",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c8.2.12",
                  "product_id": "T029636"
                }
              },
              {
                "category": "product_version",
                "name": "8.2.12",
                "product": {
                  "name": "Splunk Splunk Enterprise 8.2.12",
                  "product_id": "T029636-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:8.2.12"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.1",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.2.1",
                  "product_id": "T033705"
                }
              },
              {
                "category": "product_version",
                "name": "9.2.1",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.2.1",
                  "product_id": "T033705-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.2.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.1.4",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.1.4",
                  "product_id": "T033718"
                }
              },
              {
                "category": "product_version",
                "name": "9.1.4",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.1.4",
                  "product_id": "T033718-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.1.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.0.9",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.0.9",
                  "product_id": "T033720"
                }
              },
              {
                "category": "product_version",
                "name": "9.0.9",
                "product": {
                  "name": "Splunk Splunk Enterprise 9.0.9",
                  "product_id": "T033720-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.0.9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Splunk Enterprise"
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2013-7489",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2013-7489"
    },
    {
      "cve": "CVE-2018-10237",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2018-10237"
    },
    {
      "cve": "CVE-2018-20225",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2018-20225"
    },
    {
      "cve": "CVE-2019-20454",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2019-20454"
    },
    {
      "cve": "CVE-2019-20838",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2019-20838"
    },
    {
      "cve": "CVE-2020-14155",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-14155"
    },
    {
      "cve": "CVE-2020-28469",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-28469"
    },
    {
      "cve": "CVE-2020-28851",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-28851"
    },
    {
      "cve": "CVE-2020-29652",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-29652"
    },
    {
      "cve": "CVE-2020-8169",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8169"
    },
    {
      "cve": "CVE-2020-8177",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8177"
    },
    {
      "cve": "CVE-2020-8231",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8231"
    },
    {
      "cve": "CVE-2020-8284",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8284"
    },
    {
      "cve": "CVE-2020-8285",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8285"
    },
    {
      "cve": "CVE-2020-8286",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8286"
    },
    {
      "cve": "CVE-2020-8908",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2020-8908"
    },
    {
      "cve": "CVE-2021-20066",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-20066"
    },
    {
      "cve": "CVE-2021-22569",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22569"
    },
    {
      "cve": "CVE-2021-22876",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22876"
    },
    {
      "cve": "CVE-2021-22890",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22890"
    },
    {
      "cve": "CVE-2021-22897",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22897"
    },
    {
      "cve": "CVE-2021-22898",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22898"
    },
    {
      "cve": "CVE-2021-22901",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22901"
    },
    {
      "cve": "CVE-2021-22922",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22922"
    },
    {
      "cve": "CVE-2021-22923",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22923"
    },
    {
      "cve": "CVE-2021-22924",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22924"
    },
    {
      "cve": "CVE-2021-22925",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22925"
    },
    {
      "cve": "CVE-2021-22926",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22926"
    },
    {
      "cve": "CVE-2021-22945",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22945"
    },
    {
      "cve": "CVE-2021-22946",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22946"
    },
    {
      "cve": "CVE-2021-22947",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-22947"
    },
    {
      "cve": "CVE-2021-23343",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-23343"
    },
    {
      "cve": "CVE-2021-23382",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-23382"
    },
    {
      "cve": "CVE-2021-27918",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-27918"
    },
    {
      "cve": "CVE-2021-27919",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-27919"
    },
    {
      "cve": "CVE-2021-29060",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-29060"
    },
    {
      "cve": "CVE-2021-29425",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-29425"
    },
    {
      "cve": "CVE-2021-29923",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-29923"
    },
    {
      "cve": "CVE-2021-31525",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-31525"
    },
    {
      "cve": "CVE-2021-31566",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-31566"
    },
    {
      "cve": "CVE-2021-33194",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-33194"
    },
    {
      "cve": "CVE-2021-33195",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-33195"
    },
    {
      "cve": "CVE-2021-33196",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-33196"
    },
    {
      "cve": "CVE-2021-33197",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-33197"
    },
    {
      "cve": "CVE-2021-33198",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-33198"
    },
    {
      "cve": "CVE-2021-34558",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-34558"
    },
    {
      "cve": "CVE-2021-3520",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-3520"
    },
    {
      "cve": "CVE-2021-3572",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-3572"
    },
    {
      "cve": "CVE-2021-36221",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-36221"
    },
    {
      "cve": "CVE-2021-36976",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-36976"
    },
    {
      "cve": "CVE-2021-3803",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-3803"
    },
    {
      "cve": "CVE-2021-38297",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-38297"
    },
    {
      "cve": "CVE-2021-38561",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-38561"
    },
    {
      "cve": "CVE-2021-39293",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-39293"
    },
    {
      "cve": "CVE-2021-41182",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-41182"
    },
    {
      "cve": "CVE-2021-41183",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-41183"
    },
    {
      "cve": "CVE-2021-41184",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-41184"
    },
    {
      "cve": "CVE-2021-41771",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-41771"
    },
    {
      "cve": "CVE-2021-41772",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-41772"
    },
    {
      "cve": "CVE-2021-43565",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-43565"
    },
    {
      "cve": "CVE-2021-44716",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-44716"
    },
    {
      "cve": "CVE-2021-44717",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2021-44717"
    },
    {
      "cve": "CVE-2022-1705",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-1705"
    },
    {
      "cve": "CVE-2022-1941",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-1941"
    },
    {
      "cve": "CVE-2022-1962",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-1962"
    },
    {
      "cve": "CVE-2022-22576",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-22576"
    },
    {
      "cve": "CVE-2022-2309",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-2309"
    },
    {
      "cve": "CVE-2022-23491",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-23491"
    },
    {
      "cve": "CVE-2022-23772",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-23772"
    },
    {
      "cve": "CVE-2022-23773",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-23773"
    },
    {
      "cve": "CVE-2022-23806",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-23806"
    },
    {
      "cve": "CVE-2022-24675",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-24675"
    },
    {
      "cve": "CVE-2022-24921",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-24921"
    },
    {
      "cve": "CVE-2022-24999",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-24999"
    },
    {
      "cve": "CVE-2022-25881",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-25881"
    },
    {
      "cve": "CVE-2022-27191",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27191"
    },
    {
      "cve": "CVE-2022-27536",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27536"
    },
    {
      "cve": "CVE-2022-27664",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27664"
    },
    {
      "cve": "CVE-2022-27774",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27774"
    },
    {
      "cve": "CVE-2022-27775",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27775"
    },
    {
      "cve": "CVE-2022-27776",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27776"
    },
    {
      "cve": "CVE-2022-27778",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27778"
    },
    {
      "cve": "CVE-2022-27779",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27779"
    },
    {
      "cve": "CVE-2022-27780",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27780"
    },
    {
      "cve": "CVE-2022-27781",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27781"
    },
    {
      "cve": "CVE-2022-27782",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-27782"
    },
    {
      "cve": "CVE-2022-28131",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-28131"
    },
    {
      "cve": "CVE-2022-28327",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-28327"
    },
    {
      "cve": "CVE-2022-2879",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-2879"
    },
    {
      "cve": "CVE-2022-2880",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-2880"
    },
    {
      "cve": "CVE-2022-29526",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-29526"
    },
    {
      "cve": "CVE-2022-29804",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-29804"
    },
    {
      "cve": "CVE-2022-30115",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30115"
    },
    {
      "cve": "CVE-2022-30580",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30580"
    },
    {
      "cve": "CVE-2022-30629",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30629"
    },
    {
      "cve": "CVE-2022-30630",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30630"
    },
    {
      "cve": "CVE-2022-30631",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30631"
    },
    {
      "cve": "CVE-2022-30632",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30632"
    },
    {
      "cve": "CVE-2022-30633",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30633"
    },
    {
      "cve": "CVE-2022-30634",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30634"
    },
    {
      "cve": "CVE-2022-30635",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-30635"
    },
    {
      "cve": "CVE-2022-31129",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-31129"
    },
    {
      "cve": "CVE-2022-3171",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-3171"
    },
    {
      "cve": "CVE-2022-32148",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32148"
    },
    {
      "cve": "CVE-2022-32149",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32149"
    },
    {
      "cve": "CVE-2022-32189",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32189"
    },
    {
      "cve": "CVE-2022-32205",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32205"
    },
    {
      "cve": "CVE-2022-32206",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32206"
    },
    {
      "cve": "CVE-2022-32207",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32207"
    },
    {
      "cve": "CVE-2022-32208",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32208"
    },
    {
      "cve": "CVE-2022-32221",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-32221"
    },
    {
      "cve": "CVE-2022-33987",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-33987"
    },
    {
      "cve": "CVE-2022-3509",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-3509"
    },
    {
      "cve": "CVE-2022-3510",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-3510"
    },
    {
      "cve": "CVE-2022-3517",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-3517"
    },
    {
      "cve": "CVE-2022-35252",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-35252"
    },
    {
      "cve": "CVE-2022-35260",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-35260"
    },
    {
      "cve": "CVE-2022-35737",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-35737"
    },
    {
      "cve": "CVE-2022-36227",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-36227"
    },
    {
      "cve": "CVE-2022-37599",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-37599"
    },
    {
      "cve": "CVE-2022-37601",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-37601"
    },
    {
      "cve": "CVE-2022-37603",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-37603"
    },
    {
      "cve": "CVE-2022-38900",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-38900"
    },
    {
      "cve": "CVE-2022-40023",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-40023"
    },
    {
      "cve": "CVE-2022-40897",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-40897"
    },
    {
      "cve": "CVE-2022-40899",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-40899"
    },
    {
      "cve": "CVE-2022-41715",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-41715"
    },
    {
      "cve": "CVE-2022-41716",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-41716"
    },
    {
      "cve": "CVE-2022-41720",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-41720"
    },
    {
      "cve": "CVE-2022-41722",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-41722"
    },
    {
      "cve": "CVE-2022-42003",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-42003"
    },
    {
      "cve": "CVE-2022-42004",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-42004"
    },
    {
      "cve": "CVE-2022-42915",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-42915"
    },
    {
      "cve": "CVE-2022-42916",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-42916"
    },
    {
      "cve": "CVE-2022-43551",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-43551"
    },
    {
      "cve": "CVE-2022-43552",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-43552"
    },
    {
      "cve": "CVE-2022-46175",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2022-46175"
    },
    {
      "cve": "CVE-2023-23914",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-23914"
    },
    {
      "cve": "CVE-2023-23915",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-23915"
    },
    {
      "cve": "CVE-2023-23916",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-23916"
    },
    {
      "cve": "CVE-2023-24539",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-24539"
    },
    {
      "cve": "CVE-2023-24540",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-24540"
    },
    {
      "cve": "CVE-2023-27533",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-27533"
    },
    {
      "cve": "CVE-2023-27534",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-27534"
    },
    {
      "cve": "CVE-2023-27535",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-27535"
    },
    {
      "cve": "CVE-2023-27536",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-27536"
    },
    {
      "cve": "CVE-2023-27537",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-27537"
    },
    {
      "cve": "CVE-2023-27538",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-27538"
    },
    {
      "cve": "CVE-2023-29400",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-29400"
    },
    {
      "cve": "CVE-2023-29402",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-29402"
    },
    {
      "cve": "CVE-2023-29403",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-29403"
    },
    {
      "cve": "CVE-2023-29404",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-29404"
    },
    {
      "cve": "CVE-2023-29405",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-29405"
    },
    {
      "cve": "CVE-2023-40592",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40592"
    },
    {
      "cve": "CVE-2023-40593",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40593"
    },
    {
      "cve": "CVE-2023-40594",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40594"
    },
    {
      "cve": "CVE-2023-40595",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40595"
    },
    {
      "cve": "CVE-2023-40596",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40596"
    },
    {
      "cve": "CVE-2023-40597",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40597"
    },
    {
      "cve": "CVE-2023-40598",
      "product_status": {
        "known_affected": [
          "T033720",
          "T048680",
          "T008911",
          "T004914",
          "T002207",
          "T033718",
          "T048685",
          "T029636",
          "T033705",
          "T029635",
          "T029634",
          "T048687",
          "T048686"
        ]
      },
      "release_date": "2023-08-30T22:00:00.000+00:00",
      "title": "CVE-2023-40598"
    }
  ]
}

WID-SEC-W-2024-1591

Vulnerability from csaf_certbund - Published: 2024-07-10 22:00 - Updated: 2024-11-11 23:00

Summary

Juniper JUNOS: Mehrere Schwachstellen

Severity

Mittel

Notes

Produktbeschreibung: JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Juniper JUNOS ausnutzen, um einen Denial of Service zu verursachen, Informationen offenzulegen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive zu umgehen.

Betroffene Betriebssysteme: - Sonstiges

CVE-2006-20001

Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungenügende Eingabeüberprüfungen, Unsachgemäße Überprüfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgemäße Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Pufferüberläufe. Diese Schwachstellen ermöglichen Angreifern Denial of Service Zustände zu verursachen, Informationen offenzulegen, Code auszuführen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalität zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2007-5846

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2008-6123

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2011-1473

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2011-5094

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2012-6151

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2014-10064

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2014-2285

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2014-2310

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2014-3565

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2014-7191

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2014-8882

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2015-5621

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2015-8100

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2015-9262

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2016-1000232

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2016-10540

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2016-4658

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2017-1000048

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2017-15010

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2018-18065

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2018-20834

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2018-3737

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2018-7408

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2019-10081

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2019-10082

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2019-10092

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2019-10097

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2019-10098

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2019-11719

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2019-11727

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2019-11756

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2019-16775

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2019-16776

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2019-16777

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2019-17006

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2019-17023

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2019-17567

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2019-20149

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2019-20892

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2019-9517

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-11668

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-11984

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-11993

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-12362

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-12400

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-12401

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-12402

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-12403

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-13938

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-13950

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-14145

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-15861

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-15862

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-1927

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-1934

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-28469

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-28502

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-35452

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-36049

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-6829

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-7660

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-7754

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-7774

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-8648

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2020-9490

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-22543

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-2342

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-23440

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-2356

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-2372

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-2385

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-2389

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-2390

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-25745

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-25746

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-25748

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-26690

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-26691

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-27290

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-29469

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-30641

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-31535

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-31618

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-3177

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-32803

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-32804

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-33033

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-33034

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-33193

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-3347

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-33909

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-34798

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-35604

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-35624

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-36160

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-37701

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-37712

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-37713

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-3803

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-39275

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-40438

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-41524

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-41773

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-42013

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-43527

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-44224

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-44225

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-44790

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2021-44906

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-21245

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-21270

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-21303

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-21304

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-21344

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-21367

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-21417

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-21427

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-21444

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-21451

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-21454

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-21460

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-21589

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-21592

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-21595

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-21608

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-21617

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-22719

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-22720

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-22721

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-22822

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-22823

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-22824

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-23471

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-23524

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-23525

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-23526

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-23852

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-23943

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-25147

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-25235

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-25236

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-2526

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-25315

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-26377

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-28330

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-28614

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-28615

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-29167

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-29404

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-30522

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-30556

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-31813

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-3517

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-3564

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-36760

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-37434

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-37436

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-40674

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-41741

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-41742

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-4203

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-4304

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-4450

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-46663

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2022-4886

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-0215

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-0216

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-0217

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-0286

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-0401

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-0464

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-0465

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-0466

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-0767

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-1255

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-2002

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-20593

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-21830

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-21840

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-21843

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-21912

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-21963

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-21980

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-22025

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-22067

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-22081

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-22652

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-24329

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-25153

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-25173

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-25690

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-2700

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-27522

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-2828

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-28840

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-28841

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-28842

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-2975

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-30079

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-30630

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-3090

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-32067

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-32360

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-32435

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-32439

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-32732

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-3341

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-3390

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-33953

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-34058

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-34059

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-3446

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-34969

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-35001

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-35788

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-3611

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-37450

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-3776

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-3817

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-4004

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-4206

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-4207

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-4208

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-42753

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-4785

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-4807

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-4863

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-5043

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-5129

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2023-5363

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-20918

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-20919

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-20921

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-20926

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-20932

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-20945

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-20952

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39511

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39512

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39513

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39514

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39517

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39518

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39519

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39520

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39521

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39522

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39523

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39524

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39528

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39529

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39530

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39531

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39532

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39533

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39535

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39536

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39537

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39538

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39539

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39540

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39541

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39542

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39543

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39545

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39546

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39548

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39549

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39550

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39551

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39553

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39554

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39555

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39556

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39557

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39558

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39559

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39560

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39561

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

CVE-2024-39565

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Juniper JUNOS Juniper	`cpe:/o:juniper:junos:-`	—

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://supportportal.juniper.net/s/global-search…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "JUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Juniper JUNOS ausnutzen, um einen Denial of Service  zu verursachen, Informationen offenzulegen, Privilegien zu erweitern und Sicherheitsmechanismen inklusive zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1591 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1591.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1591 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1591"
      },
      {
        "category": "external",
        "summary": "Juniper Patchday July 2024 vom 2024-07-10",
        "url": "https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending\u0026numberOfResults=100\u0026f:ctype=%5BSecurity%20Advisories%5D"
      }
    ],
    "source_lang": "en-US",
    "title": "Juniper JUNOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-11-11T23:00:00.000+00:00",
      "generator": {
        "date": "2024-11-12T09:31:28.569+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-1591",
      "initial_release_date": "2024-07-10T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-07-10T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-11-11T23:00:00.000+00:00",
          "number": "2",
          "summary": "URL Kodierung angepasst"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Juniper JUNOS",
            "product": {
              "name": "Juniper JUNOS",
              "product_id": "T036093",
              "product_identification_helper": {
                "cpe": "cpe:/o:juniper:junos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-20001",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2006-20001"
    },
    {
      "cve": "CVE-2007-5846",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2007-5846"
    },
    {
      "cve": "CVE-2008-6123",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2008-6123"
    },
    {
      "cve": "CVE-2011-1473",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2011-1473"
    },
    {
      "cve": "CVE-2011-5094",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2011-5094"
    },
    {
      "cve": "CVE-2012-6151",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2012-6151"
    },
    {
      "cve": "CVE-2014-10064",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2014-10064"
    },
    {
      "cve": "CVE-2014-2285",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2014-2285"
    },
    {
      "cve": "CVE-2014-2310",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2014-2310"
    },
    {
      "cve": "CVE-2014-3565",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2014-3565"
    },
    {
      "cve": "CVE-2014-7191",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2014-7191"
    },
    {
      "cve": "CVE-2014-8882",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2014-8882"
    },
    {
      "cve": "CVE-2015-5621",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2015-5621"
    },
    {
      "cve": "CVE-2015-8100",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2015-8100"
    },
    {
      "cve": "CVE-2015-9262",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2015-9262"
    },
    {
      "cve": "CVE-2016-1000232",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2016-1000232"
    },
    {
      "cve": "CVE-2016-10540",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2016-10540"
    },
    {
      "cve": "CVE-2016-4658",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2016-4658"
    },
    {
      "cve": "CVE-2017-1000048",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2017-1000048"
    },
    {
      "cve": "CVE-2017-15010",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2017-15010"
    },
    {
      "cve": "CVE-2018-18065",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2018-18065"
    },
    {
      "cve": "CVE-2018-20834",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2018-20834"
    },
    {
      "cve": "CVE-2018-3737",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2018-3737"
    },
    {
      "cve": "CVE-2018-7408",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2018-7408"
    },
    {
      "cve": "CVE-2019-10081",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2019-10081"
    },
    {
      "cve": "CVE-2019-10082",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2019-10082"
    },
    {
      "cve": "CVE-2019-10092",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2019-10092"
    },
    {
      "cve": "CVE-2019-10097",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2019-10097"
    },
    {
      "cve": "CVE-2019-10098",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2019-10098"
    },
    {
      "cve": "CVE-2019-11719",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2019-11719"
    },
    {
      "cve": "CVE-2019-11727",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2019-11727"
    },
    {
      "cve": "CVE-2019-11756",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2019-11756"
    },
    {
      "cve": "CVE-2019-16775",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2019-16775"
    },
    {
      "cve": "CVE-2019-16776",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2019-16776"
    },
    {
      "cve": "CVE-2019-16777",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2019-16777"
    },
    {
      "cve": "CVE-2019-17006",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2019-17006"
    },
    {
      "cve": "CVE-2019-17023",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2019-17023"
    },
    {
      "cve": "CVE-2019-17567",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2019-17567"
    },
    {
      "cve": "CVE-2019-20149",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2019-20149"
    },
    {
      "cve": "CVE-2019-20892",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2019-20892"
    },
    {
      "cve": "CVE-2019-9517",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2019-9517"
    },
    {
      "cve": "CVE-2020-11668",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-11668"
    },
    {
      "cve": "CVE-2020-11984",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-11984"
    },
    {
      "cve": "CVE-2020-11993",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-11993"
    },
    {
      "cve": "CVE-2020-12362",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-12362"
    },
    {
      "cve": "CVE-2020-12400",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-12400"
    },
    {
      "cve": "CVE-2020-12401",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-12401"
    },
    {
      "cve": "CVE-2020-12402",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-12402"
    },
    {
      "cve": "CVE-2020-12403",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-12403"
    },
    {
      "cve": "CVE-2020-13938",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-13938"
    },
    {
      "cve": "CVE-2020-13950",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-13950"
    },
    {
      "cve": "CVE-2020-14145",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-14145"
    },
    {
      "cve": "CVE-2020-15861",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-15861"
    },
    {
      "cve": "CVE-2020-15862",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-15862"
    },
    {
      "cve": "CVE-2020-1927",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-1927"
    },
    {
      "cve": "CVE-2020-1934",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-1934"
    },
    {
      "cve": "CVE-2020-28469",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-28469"
    },
    {
      "cve": "CVE-2020-28502",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-28502"
    },
    {
      "cve": "CVE-2020-35452",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-35452"
    },
    {
      "cve": "CVE-2020-36049",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-36049"
    },
    {
      "cve": "CVE-2020-6829",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-6829"
    },
    {
      "cve": "CVE-2020-7660",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-7660"
    },
    {
      "cve": "CVE-2020-7754",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-7754"
    },
    {
      "cve": "CVE-2020-7774",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-7774"
    },
    {
      "cve": "CVE-2020-8648",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-8648"
    },
    {
      "cve": "CVE-2020-9490",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2020-9490"
    },
    {
      "cve": "CVE-2021-22543",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-22543"
    },
    {
      "cve": "CVE-2021-2342",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-2342"
    },
    {
      "cve": "CVE-2021-23440",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-23440"
    },
    {
      "cve": "CVE-2021-2356",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-2356"
    },
    {
      "cve": "CVE-2021-2372",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-2372"
    },
    {
      "cve": "CVE-2021-2385",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-2385"
    },
    {
      "cve": "CVE-2021-2389",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-2389"
    },
    {
      "cve": "CVE-2021-2390",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-2390"
    },
    {
      "cve": "CVE-2021-25745",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-25745"
    },
    {
      "cve": "CVE-2021-25746",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-25746"
    },
    {
      "cve": "CVE-2021-25748",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-25748"
    },
    {
      "cve": "CVE-2021-26690",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-26690"
    },
    {
      "cve": "CVE-2021-26691",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-26691"
    },
    {
      "cve": "CVE-2021-27290",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-27290"
    },
    {
      "cve": "CVE-2021-29469",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-29469"
    },
    {
      "cve": "CVE-2021-30641",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-30641"
    },
    {
      "cve": "CVE-2021-31535",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-31535"
    },
    {
      "cve": "CVE-2021-31618",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-31618"
    },
    {
      "cve": "CVE-2021-3177",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-3177"
    },
    {
      "cve": "CVE-2021-32803",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-32803"
    },
    {
      "cve": "CVE-2021-32804",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-32804"
    },
    {
      "cve": "CVE-2021-33033",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-33033"
    },
    {
      "cve": "CVE-2021-33034",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-33034"
    },
    {
      "cve": "CVE-2021-33193",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-33193"
    },
    {
      "cve": "CVE-2021-3347",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-3347"
    },
    {
      "cve": "CVE-2021-33909",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-33909"
    },
    {
      "cve": "CVE-2021-34798",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-34798"
    },
    {
      "cve": "CVE-2021-35604",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-35604"
    },
    {
      "cve": "CVE-2021-35624",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-35624"
    },
    {
      "cve": "CVE-2021-36160",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-36160"
    },
    {
      "cve": "CVE-2021-37701",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-37701"
    },
    {
      "cve": "CVE-2021-37712",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-37712"
    },
    {
      "cve": "CVE-2021-37713",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-37713"
    },
    {
      "cve": "CVE-2021-3803",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-3803"
    },
    {
      "cve": "CVE-2021-39275",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-39275"
    },
    {
      "cve": "CVE-2021-40438",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-40438"
    },
    {
      "cve": "CVE-2021-41524",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-41524"
    },
    {
      "cve": "CVE-2021-41773",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-41773"
    },
    {
      "cve": "CVE-2021-42013",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-42013"
    },
    {
      "cve": "CVE-2021-43527",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-43527"
    },
    {
      "cve": "CVE-2021-44224",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-44224"
    },
    {
      "cve": "CVE-2021-44225",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-44225"
    },
    {
      "cve": "CVE-2021-44790",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-44790"
    },
    {
      "cve": "CVE-2021-44906",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2021-44906"
    },
    {
      "cve": "CVE-2022-21245",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-21245"
    },
    {
      "cve": "CVE-2022-21270",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-21270"
    },
    {
      "cve": "CVE-2022-21303",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-21303"
    },
    {
      "cve": "CVE-2022-21304",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-21304"
    },
    {
      "cve": "CVE-2022-21344",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-21344"
    },
    {
      "cve": "CVE-2022-21367",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-21367"
    },
    {
      "cve": "CVE-2022-21417",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-21417"
    },
    {
      "cve": "CVE-2022-21427",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-21427"
    },
    {
      "cve": "CVE-2022-21444",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-21444"
    },
    {
      "cve": "CVE-2022-21451",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-21451"
    },
    {
      "cve": "CVE-2022-21454",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-21454"
    },
    {
      "cve": "CVE-2022-21460",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-21460"
    },
    {
      "cve": "CVE-2022-21589",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-21589"
    },
    {
      "cve": "CVE-2022-21592",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-21592"
    },
    {
      "cve": "CVE-2022-21595",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-21595"
    },
    {
      "cve": "CVE-2022-21608",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-21608"
    },
    {
      "cve": "CVE-2022-21617",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-21617"
    },
    {
      "cve": "CVE-2022-22719",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-22719"
    },
    {
      "cve": "CVE-2022-22720",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-22720"
    },
    {
      "cve": "CVE-2022-22721",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-22721"
    },
    {
      "cve": "CVE-2022-22822",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-22822"
    },
    {
      "cve": "CVE-2022-22823",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-22823"
    },
    {
      "cve": "CVE-2022-22824",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-22824"
    },
    {
      "cve": "CVE-2022-23471",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-23471"
    },
    {
      "cve": "CVE-2022-23524",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-23524"
    },
    {
      "cve": "CVE-2022-23525",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-23525"
    },
    {
      "cve": "CVE-2022-23526",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-23526"
    },
    {
      "cve": "CVE-2022-23852",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-23852"
    },
    {
      "cve": "CVE-2022-23943",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-23943"
    },
    {
      "cve": "CVE-2022-25147",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-25147"
    },
    {
      "cve": "CVE-2022-25235",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-25235"
    },
    {
      "cve": "CVE-2022-25236",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-25236"
    },
    {
      "cve": "CVE-2022-2526",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-2526"
    },
    {
      "cve": "CVE-2022-25315",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-25315"
    },
    {
      "cve": "CVE-2022-26377",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-26377"
    },
    {
      "cve": "CVE-2022-28330",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-28330"
    },
    {
      "cve": "CVE-2022-28614",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-28614"
    },
    {
      "cve": "CVE-2022-28615",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-28615"
    },
    {
      "cve": "CVE-2022-29167",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-29167"
    },
    {
      "cve": "CVE-2022-29404",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-29404"
    },
    {
      "cve": "CVE-2022-30522",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-30522"
    },
    {
      "cve": "CVE-2022-30556",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-30556"
    },
    {
      "cve": "CVE-2022-31813",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-31813"
    },
    {
      "cve": "CVE-2022-3517",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-3517"
    },
    {
      "cve": "CVE-2022-3564",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-3564"
    },
    {
      "cve": "CVE-2022-36760",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-36760"
    },
    {
      "cve": "CVE-2022-37434",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-37434"
    },
    {
      "cve": "CVE-2022-37436",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-37436"
    },
    {
      "cve": "CVE-2022-40674",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-40674"
    },
    {
      "cve": "CVE-2022-41741",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-41741"
    },
    {
      "cve": "CVE-2022-41742",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-41742"
    },
    {
      "cve": "CVE-2022-4203",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-4203"
    },
    {
      "cve": "CVE-2022-4304",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-4304"
    },
    {
      "cve": "CVE-2022-4450",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-4450"
    },
    {
      "cve": "CVE-2022-46663",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-46663"
    },
    {
      "cve": "CVE-2022-4886",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2022-4886"
    },
    {
      "cve": "CVE-2023-0215",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-0215"
    },
    {
      "cve": "CVE-2023-0216",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-0216"
    },
    {
      "cve": "CVE-2023-0217",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-0217"
    },
    {
      "cve": "CVE-2023-0286",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-0286"
    },
    {
      "cve": "CVE-2023-0401",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-0401"
    },
    {
      "cve": "CVE-2023-0464",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-0464"
    },
    {
      "cve": "CVE-2023-0465",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-0465"
    },
    {
      "cve": "CVE-2023-0466",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-0466"
    },
    {
      "cve": "CVE-2023-0767",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-0767"
    },
    {
      "cve": "CVE-2023-1255",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-1255"
    },
    {
      "cve": "CVE-2023-2002",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-2002"
    },
    {
      "cve": "CVE-2023-20593",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-20593"
    },
    {
      "cve": "CVE-2023-21830",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-21830"
    },
    {
      "cve": "CVE-2023-21840",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-21840"
    },
    {
      "cve": "CVE-2023-21843",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-21843"
    },
    {
      "cve": "CVE-2023-21912",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-21912"
    },
    {
      "cve": "CVE-2023-21963",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-21963"
    },
    {
      "cve": "CVE-2023-21980",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-21980"
    },
    {
      "cve": "CVE-2023-22025",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-22025"
    },
    {
      "cve": "CVE-2023-22067",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-22067"
    },
    {
      "cve": "CVE-2023-22081",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-22081"
    },
    {
      "cve": "CVE-2023-22652",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-22652"
    },
    {
      "cve": "CVE-2023-24329",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-24329"
    },
    {
      "cve": "CVE-2023-25153",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-25153"
    },
    {
      "cve": "CVE-2023-25173",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-25173"
    },
    {
      "cve": "CVE-2023-25690",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-25690"
    },
    {
      "cve": "CVE-2023-2700",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-2700"
    },
    {
      "cve": "CVE-2023-27522",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-27522"
    },
    {
      "cve": "CVE-2023-2828",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-2828"
    },
    {
      "cve": "CVE-2023-28840",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-28840"
    },
    {
      "cve": "CVE-2023-28841",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-28841"
    },
    {
      "cve": "CVE-2023-28842",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-28842"
    },
    {
      "cve": "CVE-2023-2975",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-2975"
    },
    {
      "cve": "CVE-2023-30079",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-30079"
    },
    {
      "cve": "CVE-2023-30630",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-30630"
    },
    {
      "cve": "CVE-2023-3090",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-3090"
    },
    {
      "cve": "CVE-2023-32067",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-32067"
    },
    {
      "cve": "CVE-2023-32360",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-32360"
    },
    {
      "cve": "CVE-2023-32435",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-32435"
    },
    {
      "cve": "CVE-2023-32439",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-32439"
    },
    {
      "cve": "CVE-2023-32732",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-32732"
    },
    {
      "cve": "CVE-2023-3341",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-3341"
    },
    {
      "cve": "CVE-2023-3390",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-3390"
    },
    {
      "cve": "CVE-2023-33953",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-33953"
    },
    {
      "cve": "CVE-2023-34058",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-34058"
    },
    {
      "cve": "CVE-2023-34059",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-34059"
    },
    {
      "cve": "CVE-2023-3446",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-3446"
    },
    {
      "cve": "CVE-2023-34969",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-34969"
    },
    {
      "cve": "CVE-2023-35001",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-35001"
    },
    {
      "cve": "CVE-2023-35788",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-35788"
    },
    {
      "cve": "CVE-2023-3611",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-3611"
    },
    {
      "cve": "CVE-2023-37450",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-37450"
    },
    {
      "cve": "CVE-2023-3776",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-3776"
    },
    {
      "cve": "CVE-2023-3817",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-3817"
    },
    {
      "cve": "CVE-2023-4004",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-4004"
    },
    {
      "cve": "CVE-2023-4206",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-4206"
    },
    {
      "cve": "CVE-2023-4207",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-4207"
    },
    {
      "cve": "CVE-2023-4208",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-4208"
    },
    {
      "cve": "CVE-2023-42753",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-42753"
    },
    {
      "cve": "CVE-2023-4785",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-4785"
    },
    {
      "cve": "CVE-2023-4807",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-4807"
    },
    {
      "cve": "CVE-2023-4863",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-4863"
    },
    {
      "cve": "CVE-2023-5043",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-5043"
    },
    {
      "cve": "CVE-2023-5129",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-5129"
    },
    {
      "cve": "CVE-2023-5363",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2023-5363"
    },
    {
      "cve": "CVE-2024-20918",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-20918"
    },
    {
      "cve": "CVE-2024-20919",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-20919"
    },
    {
      "cve": "CVE-2024-20921",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-20921"
    },
    {
      "cve": "CVE-2024-20926",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-20926"
    },
    {
      "cve": "CVE-2024-20932",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-20932"
    },
    {
      "cve": "CVE-2024-20945",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-20945"
    },
    {
      "cve": "CVE-2024-20952",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-20952"
    },
    {
      "cve": "CVE-2024-39511",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39511"
    },
    {
      "cve": "CVE-2024-39512",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39512"
    },
    {
      "cve": "CVE-2024-39513",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39513"
    },
    {
      "cve": "CVE-2024-39514",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39514"
    },
    {
      "cve": "CVE-2024-39517",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39517"
    },
    {
      "cve": "CVE-2024-39518",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39518"
    },
    {
      "cve": "CVE-2024-39519",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39519"
    },
    {
      "cve": "CVE-2024-39520",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39520"
    },
    {
      "cve": "CVE-2024-39521",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39521"
    },
    {
      "cve": "CVE-2024-39522",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39522"
    },
    {
      "cve": "CVE-2024-39523",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39523"
    },
    {
      "cve": "CVE-2024-39524",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39524"
    },
    {
      "cve": "CVE-2024-39528",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39528"
    },
    {
      "cve": "CVE-2024-39529",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39529"
    },
    {
      "cve": "CVE-2024-39530",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39530"
    },
    {
      "cve": "CVE-2024-39531",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39531"
    },
    {
      "cve": "CVE-2024-39532",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39532"
    },
    {
      "cve": "CVE-2024-39533",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39533"
    },
    {
      "cve": "CVE-2024-39535",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39535"
    },
    {
      "cve": "CVE-2024-39536",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39536"
    },
    {
      "cve": "CVE-2024-39537",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39537"
    },
    {
      "cve": "CVE-2024-39538",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39538"
    },
    {
      "cve": "CVE-2024-39539",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39539"
    },
    {
      "cve": "CVE-2024-39540",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39540"
    },
    {
      "cve": "CVE-2024-39541",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39541"
    },
    {
      "cve": "CVE-2024-39542",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39542"
    },
    {
      "cve": "CVE-2024-39543",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39543"
    },
    {
      "cve": "CVE-2024-39545",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39545"
    },
    {
      "cve": "CVE-2024-39546",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39546"
    },
    {
      "cve": "CVE-2024-39548",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39548"
    },
    {
      "cve": "CVE-2024-39549",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39549"
    },
    {
      "cve": "CVE-2024-39550",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39550"
    },
    {
      "cve": "CVE-2024-39551",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39551"
    },
    {
      "cve": "CVE-2024-39553",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39553"
    },
    {
      "cve": "CVE-2024-39554",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39554"
    },
    {
      "cve": "CVE-2024-39555",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39555"
    },
    {
      "cve": "CVE-2024-39556",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39556"
    },
    {
      "cve": "CVE-2024-39557",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39557"
    },
    {
      "cve": "CVE-2024-39558",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39558"
    },
    {
      "cve": "CVE-2024-39559",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39559"
    },
    {
      "cve": "CVE-2024-39560",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39560"
    },
    {
      "cve": "CVE-2024-39561",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39561"
    },
    {
      "cve": "CVE-2024-39565",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in verschiedenen Juniper-Produkten. Ursachen sind unter Anderem Ungen\u00fcgende Eingabe\u00fcberpr\u00fcfungen, Unsachgem\u00e4\u00dfe \u00dcberpr\u00fcfung und Verarbeitung von Paketen, fehlende Speicherfreigaben, fehlerhafte Behandlung von Ausnahmen, Unsachgem\u00e4\u00dfe Speicherbehandlung, unkontrollierter Ressourcenverbrauch, Klartextspeicherung von Daten und Puffer\u00fcberl\u00e4ufe. Diese Schwachstellen erm\u00f6glichen Angreifern Denial of Service Zust\u00e4nde zu verursachen, Informationen offenzulegen, Code auszuf\u00fchren, Privilegien zu erweitern und Sicherheitsmechanismen inklusive der Firewall Funktionalit\u00e4t zu umgehen. Zu einer erfolgreichen Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036093"
        ]
      },
      "release_date": "2024-07-10T22:00:00.000+00:00",
      "title": "CVE-2024-39565"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-28469 (GCVE-0-2020-28469)

Tags

Sightings

Nomenclature