Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-38900 (GCVE-0-2022-38900)
Vulnerability from cvelistv5 – Published: 2022-11-28 00:00 – Updated: 2025-04-25 19:50
VLAI
EPSS
Summary
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-20 - Improper Input Validation
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/SamVerschueren/decode-uri-comp… | |
| https://github.com/sindresorhus/query-string/issues/345 | |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sindresorhus/query-string/issues/345"
},
{
"name": "FEDORA-2023-86d75130fe",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/"
},
{
"name": "FEDORA-2023-a4f0b29f6c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/"
},
{
"name": "FEDORA-2023-2e38c3756f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/"
},
{
"name": "FEDORA-2023-ae96dd6105",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/"
},
{
"name": "FEDORA-2023-b86fd9ad80",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-38900",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T19:49:56.788001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T19:50:41.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-01T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
},
{
"url": "https://github.com/sindresorhus/query-string/issues/345"
},
{
"name": "FEDORA-2023-86d75130fe",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/"
},
{
"name": "FEDORA-2023-a4f0b29f6c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/"
},
{
"name": "FEDORA-2023-2e38c3756f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/"
},
{
"name": "FEDORA-2023-ae96dd6105",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/"
},
{
"name": "FEDORA-2023-b86fd9ad80",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-38900",
"datePublished": "2022-11-28T00:00:00.000Z",
"dateReserved": "2022-08-29T00:00:00.000Z",
"dateUpdated": "2025-04-25T19:50:41.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-38900",
"date": "2026-06-05",
"epss": "0.00429",
"percentile": "0.62881"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-38900\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-11-28T13:15:10.033\",\"lastModified\":\"2025-04-25T20:15:31.623\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.\"},{\"lang\":\"es\",\"value\":\"decode-uri-component 0.2.0 es vulnerable a una validaci\u00f3n de entrada incorrecta que provoca DoS.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:decode-uri-component_project:decode-uri-component:0.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5FAEFE5-8016-43E2-A600-46EC2CCAD87E\"}]}]}],\"references\":[{\"url\":\"https://github.com/SamVerschueren/decode-uri-component/issues/5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/sindresorhus/query-string/issues/345\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/SamVerschueren/decode-uri-component/issues/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/sindresorhus/query-string/issues/345\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/SamVerschueren/decode-uri-component/issues/5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/sindresorhus/query-string/issues/345\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/\", \"name\": \"FEDORA-2023-86d75130fe\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/\", \"name\": \"FEDORA-2023-a4f0b29f6c\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/\", \"name\": \"FEDORA-2023-2e38c3756f\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/\", \"name\": \"FEDORA-2023-ae96dd6105\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/\", \"name\": \"FEDORA-2023-b86fd9ad80\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T11:02:14.671Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-38900\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-25T19:49:56.788001Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-25T19:50:31.436Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/SamVerschueren/decode-uri-component/issues/5\"}, {\"url\": \"https://github.com/sindresorhus/query-string/issues/345\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/\", \"name\": \"FEDORA-2023-86d75130fe\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/\", \"name\": \"FEDORA-2023-a4f0b29f6c\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/\", \"name\": \"FEDORA-2023-2e38c3756f\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/\", \"name\": \"FEDORA-2023-ae96dd6105\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/\", \"name\": \"FEDORA-2023-b86fd9ad80\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-07-01T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-38900\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-25T19:50:41.971Z\", \"dateReserved\": \"2022-08-29T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2022-11-28T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2025-AVI-0214
Vulnerability from certfr_avis - Published: 2025-03-14 - Updated: 2025-03-14
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cloud Pak System | Cloud Pak System versions antérieures à v2.3.4.1 pour Intel | ||
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.16 | ||
| IBM | Sterling | Sterling B2B Integrator versions 6.2.x antérieures à 6.2.0.4 | ||
| IBM | Cloud Pak System | Cloud Pak System versions antérieures à v2.3.5.0 pour Power | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP11 IF03 | ||
| IBM | Sterling | Sterling B2B Integrator versions antérieures à 6.1.2.7 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.4.1 pour Intel",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.4",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.5.0 pour Power",
"product": {
"name": "Cloud Pak System",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP11 IF03",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.1.2.7",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2024-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2024-45638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45638"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2021-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2023-32762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32762"
},
{
"name": "CVE-2022-48565",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48565"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2023-32763",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32763"
},
{
"name": "CVE-2022-24302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24302"
},
{
"name": "CVE-2025-1244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1244"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2022-48566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48566"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2024-27306",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2021-32803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-27268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-48560",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48560"
},
{
"name": "CVE-2024-45643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45643"
},
{
"name": "CVE-2023-32573",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32573"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2024-0690",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0690"
},
{
"name": "CVE-2022-1365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1365"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2022-4742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4742"
}
],
"initial_release_date": "2025-03-14T00:00:00",
"last_revision_date": "2025-03-14T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0214",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-03-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185937",
"url": "https://www.ibm.com/support/pages/node/7185937"
},
{
"published_at": "2025-03-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185675",
"url": "https://www.ibm.com/support/pages/node/7185675"
},
{
"published_at": "2025-03-10",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185257",
"url": "https://www.ibm.com/support/pages/node/7185257"
},
{
"published_at": "2025-03-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185938",
"url": "https://www.ibm.com/support/pages/node/7185938"
},
{
"published_at": "2025-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7185353",
"url": "https://www.ibm.com/support/pages/node/7185353"
}
]
}
CERTFR-2025-AVI-1025
Vulnerability from certfr_avis - Published: 2025-11-19 - Updated: 2025-11-19
De multiples vulnérabilités ont été découvertes dans les produits Atlassian. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une falsification de requêtes côté serveur (SSRF).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Atlassian | Jira | Jira Software Data Center versions antérieures à 11.2.0 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 10.3.10 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 10.7.3 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.5.4 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.2.6 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 10.7.3 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 11.2.0 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 5.12.26 | ||
| Atlassian | Jira | Jira Service Management Data Center versions antérieures à 10.3.10 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 11.2.0 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 10.7.3 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 11.2.0 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.2.6 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 10.0.2 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 9.12.26 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 10.1.1 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 10.1.1 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 5.12.26 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.3.1 | ||
| Atlassian | Jira | Jira Software Data Center versions antérieures à 10.7.3 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 10.3.10 | ||
| Atlassian | Jira | Jira Software Server versions antérieures à 9.12.26 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 8.5.20 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.4.0 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 10.0.2 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.5.4 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 8.5.20 | ||
| Atlassian | Confluence | Confluence Data Center versions antérieures à 9.4.0 | ||
| Atlassian | Jira | Jira Service Management Server versions antérieures à 10.3.10 | ||
| Atlassian | Confluence | Confluence Server versions antérieures à 9.3.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 11.2.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.3.10",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.7.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.5.4",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.2.6",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.7.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 11.2.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 5.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Data Center versions ant\u00e9rieures \u00e0 10.3.10",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 11.2.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.7.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 11.2.0",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.2.6",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 9.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 10.1.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 5.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.3.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Data Center versions ant\u00e9rieures \u00e0 10.7.3",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 10.3.10",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Software Server versions ant\u00e9rieures \u00e0 9.12.26",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 8.5.20",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.4.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 10.0.2",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.5.4",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 8.5.20",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Data Center versions ant\u00e9rieures \u00e0 9.4.0",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Jira Service Management Server versions ant\u00e9rieures \u00e0 10.3.10",
"product": {
"name": "Jira",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
},
{
"description": "Confluence Server versions ant\u00e9rieures \u00e0 9.3.1",
"product": {
"name": "Confluence",
"vendor": {
"name": "Atlassian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
}
],
"initial_release_date": "2025-11-19T00:00:00",
"last_revision_date": "2025-11-19T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1025",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Atlassian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Atlassian",
"vendor_advisories": [
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101488",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101488"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSDSERVER-16435",
"url": "https://jira.atlassian.com/browse/JSDSERVER-16435"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian JSWSERVER-26537",
"url": "https://jira.atlassian.com/browse/JSWSERVER-26537"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101480",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101480"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101486",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101486"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101487",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101487"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101485",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101485"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101479",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101479"
},
{
"published_at": "2025-11-18",
"title": "Bulletin de s\u00e9curit\u00e9 Atlassian CONFSERVER-101477",
"url": "https://jira.atlassian.com/browse/CONFSERVER-101477"
}
]
}
CERTFR-2026-AVI-0109
Vulnerability from certfr_avis - Published: 2026-01-30 - Updated: 2026-01-30
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | QRadar User Behavior Analytics versions antérieures à 5.1.0 | ||
| IBM | Tivoli | Tivoli Application Dependency Discovery Manager version 7.3.0 sans le dernier correctif de sécurité | ||
| IBM | Db2 | Db2 versions 12.1.x antérieures à 12.1.2 sans le correctif de sécurité #72296 | ||
| IBM | Db2 | DB2 Data Management Console versions 3.1.1x antérieures à 3.1.13.2 | ||
| IBM | WebSphere | WebSphere Application Server version 9.0 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60 | ||
| IBM | WebSphere | WebSphere Application Server version 8.5 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60 | ||
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 7.8 sur Cloud Pak for Data 5.1 antérieures à 8.3 sur Cloud Pak for Data 5.3 | ||
| IBM | Db2 | Db2 versions 11.5.x antérieures à 11.5.9 sans le correctif de sécurité #66394 | ||
| IBM | Db2 | Db2 version 12.1.3 sans le correctif de sécurité #71609 | ||
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 7.6 sur Cloud Pak for Data 4.8 antérieures à 8.3 sur Cloud Pak for Data 5.3 | ||
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 8.2 sur Cloud Pak for Data 5.2 antérieures à 8.3 sur Cloud Pak for Data 5.3 | ||
| IBM | WebSphere | WebSphere Application Server Liberty versions 17.0.0.3 à 26.0.0.1 sans le correctif de sécurité PH69485 ou antérieures à 26.0.0.2 (disponibilité prévue pour le premier trimestre 2026) | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP14 IF04 | ||
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 7.7 sur Cloud Pak for Data 5.0 antérieures à 8.3 sur Cloud Pak for Data 5.3 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 5.1.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Application Dependency Discovery Manager version 7.3.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 12.1.x ant\u00e9rieures \u00e0 12.1.2 sans le correctif de s\u00e9curit\u00e9 #72296",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions 3.1.1x ant\u00e9rieures \u00e0 3.1.13.2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server version 9.0 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server version 8.5 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 7.8 sur Cloud Pak for Data 5.1 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.9 sans le correctif de s\u00e9curit\u00e9 #66394",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 version 12.1.3 sans le correctif de s\u00e9curit\u00e9 #71609",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 7.6 sur Cloud Pak for Data 4.8 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 8.2 sur Cloud Pak for Data 5.2 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 26.0.0.1 sans le correctif de s\u00e9curit\u00e9 PH69485 ou ant\u00e9rieures \u00e0 26.0.0.2 (disponibilit\u00e9 pr\u00e9vue pour le premier trimestre 2026)",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP14 IF04",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 7.7 sur Cloud Pak for Data 5.0 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-2534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2534"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2016-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2193"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2022-2596",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2596"
},
{
"name": "CVE-2025-41234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
},
{
"name": "CVE-2025-46762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
},
{
"name": "CVE-2025-36131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36131"
},
{
"name": "CVE-2025-56200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
},
{
"name": "CVE-2024-37071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37071"
},
{
"name": "CVE-2019-9515",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9515"
},
{
"name": "CVE-2025-36384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36384"
},
{
"name": "CVE-2024-47118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47118"
},
{
"name": "CVE-2025-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2025-48050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2019-9514",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9514"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2025-57810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57810"
},
{
"name": "CVE-2024-41761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41761"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2025-36136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36136"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2022-33987",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33987"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2024-10977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
},
{
"name": "CVE-2025-36006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36006"
},
{
"name": "CVE-2024-48949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
},
{
"name": "CVE-2025-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36186"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-12758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
},
{
"name": "CVE-2025-6493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6493"
},
{
"name": "CVE-2025-33012",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33012"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2024-7348",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7348"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2025-25977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25977"
},
{
"name": "CVE-2024-10976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
},
{
"name": "CVE-2025-11083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11083"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-54313",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54313"
},
{
"name": "CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"name": "CVE-2025-58457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58457"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2022-22968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22968"
},
{
"name": "CVE-2025-39697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39697"
},
{
"name": "CVE-2025-29907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29907"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2024-41762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41762"
},
{
"name": "CVE-2021-23413",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23413"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2025-39971",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39971"
},
{
"name": "CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2024-57965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57965"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-10978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2024-40679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40679"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2025-14914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14914"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2024-47072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2019-9512",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9512"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2024-45663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45663"
},
{
"name": "CVE-2025-33134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33134"
},
{
"name": "CVE-2019-9513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9513"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2022-25858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25858"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2024-10979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2025-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36185"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"initial_release_date": "2026-01-30T00:00:00",
"last_revision_date": "2026-01-30T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0109",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 5691194",
"url": "https://www.ibm.com/support/pages/node/5691194"
},
{
"published_at": "2026-01-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258104",
"url": "https://www.ibm.com/support/pages/node/7258104"
},
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258234",
"url": "https://www.ibm.com/support/pages/node/7258234"
},
{
"published_at": "2026-01-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258110",
"url": "https://www.ibm.com/support/pages/node/7258110"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257910",
"url": "https://www.ibm.com/support/pages/node/7257910"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257899",
"url": "https://www.ibm.com/support/pages/node/7257899"
},
{
"published_at": "2026-01-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258042",
"url": "https://www.ibm.com/support/pages/node/7258042"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257904",
"url": "https://www.ibm.com/support/pages/node/7257904"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257903",
"url": "https://www.ibm.com/support/pages/node/7257903"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257901",
"url": "https://www.ibm.com/support/pages/node/7257901"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257898",
"url": "https://www.ibm.com/support/pages/node/7257898"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257900",
"url": "https://www.ibm.com/support/pages/node/7257900"
},
{
"published_at": "2026-01-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257978",
"url": "https://www.ibm.com/support/pages/node/7257978"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257902",
"url": "https://www.ibm.com/support/pages/node/7257902"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257519",
"url": "https://www.ibm.com/support/pages/node/7257519"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258331",
"url": "https://www.ibm.com/support/pages/node/7258331"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257633",
"url": "https://www.ibm.com/support/pages/node/7257633"
},
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258232",
"url": "https://www.ibm.com/support/pages/node/7258232"
},
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258224",
"url": "https://www.ibm.com/support/pages/node/7258224"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257678",
"url": "https://www.ibm.com/support/pages/node/7257678"
}
]
}
CERTFR-2026-AVI-0500
Vulnerability from certfr_avis - Published: 2026-04-27 - Updated: 2026-04-27
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Greenplum Platform Extension Framework versions ant\u00e9rieures \u00e0 8.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Lake versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2026-3449",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3449"
},
{
"name": "CVE-2023-43642",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
},
{
"name": "CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"name": "CVE-2026-22036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22036"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2023-33201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2026-24098",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24098"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2026-24734",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
},
{
"name": "CVE-2021-0341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
},
{
"name": "CVE-2025-66614",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2025-56200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
},
{
"name": "CVE-2020-10673",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
},
{
"name": "CVE-2020-35728",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
},
{
"name": "CVE-2020-36181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
},
{
"name": "CVE-2026-1527",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1527"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2020-36182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
},
{
"name": "CVE-2020-24616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
},
{
"name": "CVE-2026-41239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41239"
},
{
"name": "CVE-2020-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
},
{
"name": "CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"name": "CVE-2023-34610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34610"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2026-34486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34486"
},
{
"name": "CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"name": "CVE-2018-1320",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1320"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2026-29145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29145"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2025-49128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
},
{
"name": "CVE-2020-36179",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2025-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
},
{
"name": "CVE-2020-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-7962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"name": "CVE-2023-34454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2020-13949",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
},
{
"name": "CVE-2023-33202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2023-26115",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
},
{
"name": "CVE-2025-54550",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54550"
},
{
"name": "CVE-2025-54920",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54920"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2023-34453",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
},
{
"name": "CVE-2025-33042",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33042"
},
{
"name": "CVE-2024-11831",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2026-34500",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34500"
},
{
"name": "CVE-2025-9624",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9624"
},
{
"name": "CVE-2026-34043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34043"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2020-11113",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"name": "CVE-2026-33671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
},
{
"name": "CVE-2026-33532",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
},
{
"name": "CVE-2025-68470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
},
{
"name": "CVE-2025-67721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67721"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2020-10672",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2026-33750",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
},
{
"name": "CVE-2025-66236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66236"
},
{
"name": "CVE-2020-10969",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
},
{
"name": "CVE-2024-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
},
{
"name": "CVE-2024-8184",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
},
{
"name": "CVE-2025-11143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
},
{
"name": "CVE-2026-34480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
},
{
"name": "CVE-2025-52999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2025-12758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2020-36187",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2024-57083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57083"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2024-23953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23953"
},
{
"name": "CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"name": "CVE-2025-68161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
},
{
"name": "CVE-2023-34455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2026-41240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
},
{
"name": "CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"name": "CVE-2020-11620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
},
{
"name": "CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2024-47554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2020-24750",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
},
{
"name": "CVE-2025-27821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27821"
},
{
"name": "CVE-2022-41404",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41404"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2026-34487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34487"
},
{
"name": "CVE-2025-27555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27555"
},
{
"name": "CVE-2025-65995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65995"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"name": "CVE-2020-14195",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
},
{
"name": "CVE-2018-10237",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
},
{
"name": "CVE-2019-12814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"name": "CVE-2020-14061",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2025-67735",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2025-68458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68458"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2020-11619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
},
{
"name": "CVE-2026-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29786"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2020-36183",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
},
{
"name": "CVE-2026-25854",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25854"
},
{
"name": "CVE-2021-22573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22573"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2026-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2024-47875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
},
{
"name": "CVE-2022-41854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
},
{
"name": "CVE-2026-33672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
},
{
"name": "CVE-2020-8908",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2020-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
},
{
"name": "CVE-2023-42503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
},
{
"name": "CVE-2024-56373",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56373"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2020-36180",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2026-24733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2025-68157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68157"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2019-12086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2022-38752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
},
{
"name": "CVE-2025-8916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
},
{
"name": "CVE-2025-8885",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"name": "CVE-2020-10968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2020-25649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
},
{
"name": "CVE-2025-68675",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68675"
},
{
"name": "CVE-2023-2976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2026-34483",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34483"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2025-59419",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2026-33816",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33816"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2026-25219",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25219"
},
{
"name": "CVE-2020-11112",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
},
{
"name": "CVE-2020-11111",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
},
{
"name": "CVE-2026-31802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"name": "CVE-2026-1225",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
},
{
"name": "CVE-2020-14060",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
},
{
"name": "CVE-2020-36188",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
},
{
"name": "CVE-2016-1000027",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
},
{
"name": "CVE-2020-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
}
],
"initial_release_date": "2026-04-27T00:00:00",
"last_revision_date": "2026-04-27T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0500",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2026-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37405",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37405"
},
{
"published_at": "2026-04-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 37404",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37404"
}
]
}
FKIE_CVE-2022-38900
Vulnerability from fkie_nvd - Published: 2022-11-28 13:15 - Updated: 2025-04-25 20:15
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/SamVerschueren/decode-uri-component/issues/5 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/sindresorhus/query-string/issues/345 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/ | ||
| cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/SamVerschueren/decode-uri-component/issues/5 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sindresorhus/query-string/issues/345 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| decode-uri-component_project | decode-uri-component | 0.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:decode-uri-component_project:decode-uri-component:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FAEFE5-8016-43E2-A600-46EC2CCAD87E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS."
},
{
"lang": "es",
"value": "decode-uri-component 0.2.0 es vulnerable a una validaci\u00f3n de entrada incorrecta que provoca DoS."
}
],
"id": "CVE-2022-38900",
"lastModified": "2025-04-25T20:15:31.623",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-11-28T13:15:10.033",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/sindresorhus/query-string/issues/345"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/sindresorhus/query-string/issues/345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-W573-4HG7-7WGQ
Vulnerability from github – Published: 2022-11-28 15:30 – Updated: 2023-03-31 16:05
VLAI
Summary
decode-uri-component vulnerable to Denial of Service (DoS)
Details
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.
Severity
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "decode-uri-component"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-38900"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-28T23:35:59Z",
"nvd_published_at": "2022-11-28T13:15:00Z",
"severity": "HIGH"
},
"details": "decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.",
"id": "GHSA-w573-4hg7-7wgq",
"modified": "2023-03-31T16:05:14Z",
"published": "2022-11-28T15:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900"
},
{
"type": "WEB",
"url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
},
{
"type": "WEB",
"url": "https://github.com/sindresorhus/query-string/issues/345"
},
{
"type": "WEB",
"url": "https://github.com/SamVerschueren/decode-uri-component/commit/746ca5dcb6667c5d364e782d53c542830e4c10b9"
},
{
"type": "PACKAGE",
"url": "https://github.com/SamVerschueren/decode-uri-component"
},
{
"type": "WEB",
"url": "https://github.com/SamVerschueren/decode-uri-component/releases/tag/v0.2.1"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "decode-uri-component vulnerable to Denial of Service (DoS)"
}
GSD-2022-38900
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-38900",
"description": "decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.",
"id": "GSD-2022-38900",
"references": [
"https://www.suse.com/security/cve/CVE-2022-38900.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-38900"
],
"details": "decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.",
"id": "GSD-2022-38900",
"modified": "2023-12-13T01:19:22.143515Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-38900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/SamVerschueren/decode-uri-component/issues/5",
"refsource": "MISC",
"url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
},
{
"name": "https://github.com/sindresorhus/query-string/issues/345",
"refsource": "MISC",
"url": "https://github.com/sindresorhus/query-string/issues/345"
},
{
"name": "FEDORA-2023-86d75130fe",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/"
},
{
"name": "FEDORA-2023-a4f0b29f6c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/"
},
{
"name": "FEDORA-2023-2e38c3756f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/"
},
{
"name": "FEDORA-2023-ae96dd6105",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/"
},
{
"name": "FEDORA-2023-b86fd9ad80",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "=0.2.0",
"affected_versions": "Version 0.2.0",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2023-07-01",
"description": "decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS.",
"fixed_versions": [
"0.2.1"
],
"identifier": "CVE-2022-38900",
"identifiers": [
"CVE-2022-38900",
"GHSA-w573-4hg7-7wgq"
],
"not_impacted": "All versions before 0.2.0, all versions after 0.2.0",
"package_slug": "npm/decode-uri-component",
"pubdate": "2022-11-28",
"solution": "Upgrade to version 0.2.1 or above.",
"title": "decode-uri-component vulnerable to Denial of Service (DoS)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-38900",
"https://github.com/SamVerschueren/decode-uri-component/issues/5",
"https://github.com/sindresorhus/query-string/issues/345",
"https://github.com/advisories/GHSA-w573-4hg7-7wgq"
],
"uuid": "a5994206-f97a-4d63-9437-4bc6f6b1dbe8"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:decode-uri-component_project:decode-uri-component:0.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-38900"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sindresorhus/query-string/issues/345",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/sindresorhus/query-string/issues/345"
},
{
"name": "https://github.com/SamVerschueren/decode-uri-component/issues/5",
"refsource": "MISC",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
},
{
"name": "FEDORA-2023-a4f0b29f6c",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERN6YE3DS7NBW7UH44SCJBMNC2NWQ7SM/"
},
{
"name": "FEDORA-2023-86d75130fe",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAC5KQ2SEWAMQ6UZAUBZ5KXKEOESH375/"
},
{
"name": "FEDORA-2023-2e38c3756f",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VNV2GNZXOTEDAJRFH3ZYWRUBGIVL7BSU/"
},
{
"name": "FEDORA-2023-ae96dd6105",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QABOUA2I542UTANVZIVFKWMRYVHLV32D/"
},
{
"name": "FEDORA-2023-b86fd9ad80",
"refsource": "FEDORA",
"tags": [],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UW4SCMT3SEUFVIL7YIADQ5K36GJEO6I5/"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-07-01T06:15Z",
"publishedDate": "2022-11-28T13:15Z"
}
}
}
NCSC-2024-0466
Vulnerability from csaf_ncscnl - Published: 2024-12-06 13:05 - Updated: 2024-12-06 13:05Summary
Kwetsbaarheden verholpen in Atlassian producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Atlassian heeft kwetsbaarheden verholpen in diverse producten als Jira, Bamboo en Confluence.
Interpretaties: De kwetsbaarheden bevinden zich in verschillende third party componenten van ontwikkelaars zoals Oracle, RedHat en het Apache consortium. Deze kwetsbaarheden kunnen leiden tot geheugenuitputting en Denial-of-Service (DoS) door onjuiste invoerbeperkingen. Aanvallers kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen, wat kan resulteren in systeeminstabiliteit en crashes.
Voor de kwetsbaarheden zijn door de diverse ontwikkelaars updates uitgebracht om ze te verhelpen. Atlassian heeft de updates verwerkt in de eigen producten.
Oplossingen: Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-755: Improper Handling of Exceptional Conditions
CWE-347: Improper Verification of Cryptographic Signature
CWE-1050: Excessive Platform Resource Consumption within a Loop
CWE-23: Relative Path Traversal
CWE-1333: Inefficient Regular Expression Complexity
CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-400: Uncontrolled Resource Consumption
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-502: Deserialization of Untrusted Data
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-20: Improper Input Validation
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
confluence
atlassian
|
cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
confluence
atlassian
|
cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
confluence
atlassian
|
cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*
|
— | |
|
jira_software
atlassian
|
cpe:2.3:a:atlassian:jira_software:*:*:*:*:*:*:*:*
|
— | |
|
bamboo
atlassian
|
cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
|
— |
CWE-1050
- Excessive Platform Resource Consumption within a Loop
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
confluence
atlassian
|
cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*
|
— |
8.8 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
sourcetree_for_mac
atlassian
|
cpe:2.3:a:atlassian:sourcetree_for_mac:*:*:*:*:*:*:*:*
|
— | |
|
sourcetree_for_windows
atlassian
|
cpe:2.3:a:atlassian:sourcetree_for_windows:*:*:*:*:*:*:*:*
|
— | |
|
sourcetree
atlassian
|
cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:macos:*:*
|
— | |
|
sourcetree
atlassian
|
cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:windows:*:*
|
— |
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
bitbucket
atlassian
|
cpe:2.3:a:atlassian:bitbucket:-:*:*:*:*:*:*:*
|
— | |
|
confluence
atlassian
|
cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
atlassian_confluence__7.19.26
atlassian
|
cpe:2.3:a:atlassian:atlassian_confluence__7.19.26:*:*:*:*:*:*:*:*
|
— | |
|
atlassian_confluence__9.0.1
atlassian
|
cpe:2.3:a:atlassian:atlassian_confluence__9.0.1:*:*:*:*:*:*:*:*
|
— | |
|
atlassian_confluence__8.9.4
atlassian
|
cpe:2.3:a:atlassian:atlassian_confluence__8.9.4:*:*:*:*:*:*:*:*
|
— | |
|
atlassian_confluence__8.5.12
atlassian
|
cpe:2.3:a:atlassian:atlassian_confluence__8.5.12:*:*:*:*:*:*:*:*
|
— | |
|
confluence
atlassian
|
cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*
|
— | |
|
bitbucket
atlassian
|
cpe:2.3:a:atlassian:bitbucket:-:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
atlassian_confluence__8.5.14__lts_
atlassian
|
cpe:2.3:a:atlassian:atlassian_confluence__8.5.14__lts_:*:*:*:*:*:*:*:*
|
— | |
|
atlassian_confluence__7.19.26__lts_
atlassian
|
cpe:2.3:a:atlassian:atlassian_confluence__7.19.26__lts_:*:*:*:*:*:*:*:*
|
— | |
|
atlassian_jira_software_service_management_data_center__5.17.1
atlassian
|
cpe:2.3:a:atlassian:atlassian_jira_software_service_management_data_center__5.17.1:*:*:*:*:*:*:*:*
|
— | |
|
atlassian_jira_software_service_management__5.12.12__lts_
atlassian
|
cpe:2.3:a:atlassian:atlassian_jira_software_service_management__5.12.12__lts_:*:*:*:*:*:*:*:*
|
— | |
|
atlassian_jira_software_service_management__5.4.25__lts_
atlassian
|
cpe:2.3:a:atlassian:atlassian_jira_software_service_management__5.4.25__lts_:*:*:*:*:*:*:*:*
|
— | |
|
atlassian_confluence_data_center__9.0.1
atlassian
|
cpe:2.3:a:atlassian:atlassian_confluence_data_center__9.0.1:*:*:*:*:*:*:*:*
|
— | |
|
atlassian_jira_software_data_center__9.17.1
atlassian
|
cpe:2.3:a:atlassian:atlassian_jira_software_data_center__9.17.1:*:*:*:*:*:*:*:*
|
— | |
|
atlassian_jira_software__9.12.12__lts_
atlassian
|
cpe:2.3:a:atlassian:atlassian_jira_software__9.12.12__lts_:*:*:*:*:*:*:*:*
|
— | |
|
atlassian_jira_software__9.4.25__lts_
atlassian
|
cpe:2.3:a:atlassian:atlassian_jira_software__9.4.25__lts_:*:*:*:*:*:*:*:*
|
— | |
|
atlassian_bamboo__9.2.17
atlassian
|
cpe:2.3:a:atlassian:atlassian_bamboo__9.2.17:*:*:*:*:*:*:*:*
|
— | |
|
atlassian_bitbucket__8.19.9
atlassian
|
cpe:2.3:a:atlassian:atlassian_bitbucket__8.19.9:*:*:*:*:*:*:*:*
|
— | |
|
atlassian_bamboo__9.6.4
atlassian
|
cpe:2.3:a:atlassian:atlassian_bamboo__9.6.4:*:*:*:*:*:*:*:*
|
— | |
|
atlassian_bitbucket__9.0.0
atlassian
|
cpe:2.3:a:atlassian:atlassian_bitbucket__9.0.0:*:*:*:*:*:*:*:*
|
— | |
|
atlassian_bitbucket__8.9.19
atlassian
|
cpe:2.3:a:atlassian:atlassian_bitbucket__8.9.19:*:*:*:*:*:*:*:*
|
— | |
|
atlassian_bamboo__10.0.0
atlassian
|
cpe:2.3:a:atlassian:atlassian_bamboo__10.0.0:*:*:*:*:*:*:*:*
|
— |
CWE-400
- Uncontrolled Resource Consumption
8.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
confluence
atlassian
|
cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*
|
— | |
|
bamboo
atlassian
|
cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
|
— |
7.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
jira_software
atlassian
|
cpe:2.3:a:atlassian:jira_software:*:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
bamboo
atlassian
|
cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*
|
— |
References
13 references
| URL | Category |
|---|---|
| https://confluence.atlassian.com/security/securit… | external |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2022… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2023… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2023… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Atlassian heeft kwetsbaarheden verholpen in diverse producten als Jira, Bamboo en Confluence.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden bevinden zich in verschillende third party componenten van ontwikkelaars zoals Oracle, RedHat en het Apache consortium. Deze kwetsbaarheden kunnen leiden tot geheugenuitputting en Denial-of-Service (DoS) door onjuiste invoerbeperkingen. Aanvallers kunnen deze kwetsbaarheden misbruiken door speciaal vervaardigde verzoeken te sturen, wat kan resulteren in systeeminstabiliteit en crashes.\nVoor de kwetsbaarheden zijn door de diverse ontwikkelaars updates uitgebracht om ze te verhelpen. Atlassian heeft de updates verwerkt in de eigen producten.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "general",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
},
{
"category": "general",
"text": "Excessive Platform Resource Consumption within a Loop",
"title": "CWE-1050"
},
{
"category": "general",
"text": "Relative Path Traversal",
"title": "CWE-23"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - certbundde",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-19-2024-1456179091.html"
}
],
"title": "Kwetsbaarheden verholpen in Atlassian producten",
"tracking": {
"current_release_date": "2024-12-06T13:05:55.904619Z",
"id": "NCSC-2024-0466",
"initial_release_date": "2024-12-06T13:05:55.904619Z",
"revision_history": [
{
"date": "2024-12-06T13:05:55.904619Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "atlassian_bamboo__10.0.0",
"product": {
"name": "atlassian_bamboo__10.0.0",
"product_id": "CSAFPID-1645374",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bamboo__10.0.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bamboo__9.2.17",
"product": {
"name": "atlassian_bamboo__9.2.17",
"product_id": "CSAFPID-1621163",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bamboo__9.2.17:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bamboo__9.6.4",
"product": {
"name": "atlassian_bamboo__9.6.4",
"product_id": "CSAFPID-1645371",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bamboo__9.6.4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bitbucket__8.19.9",
"product": {
"name": "atlassian_bitbucket__8.19.9",
"product_id": "CSAFPID-1645370",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bitbucket__8.19.9:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bitbucket__8.9.19",
"product": {
"name": "atlassian_bitbucket__8.9.19",
"product_id": "CSAFPID-1645373",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bitbucket__8.9.19:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_bitbucket__9.0.0",
"product": {
"name": "atlassian_bitbucket__9.0.0",
"product_id": "CSAFPID-1645372",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_bitbucket__9.0.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__7.19.26",
"product": {
"name": "atlassian_confluence__7.19.26",
"product_id": "CSAFPID-1621160",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__7.19.26:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__7.19.26__lts_",
"product": {
"name": "atlassian_confluence__7.19.26__lts_",
"product_id": "CSAFPID-1621135",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__7.19.26__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__8.5.12",
"product": {
"name": "atlassian_confluence__8.5.12",
"product_id": "CSAFPID-1645510",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__8.5.12:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__8.5.14__lts_",
"product": {
"name": "atlassian_confluence__8.5.14__lts_",
"product_id": "CSAFPID-1621133",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__8.5.14__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__8.9.4",
"product": {
"name": "atlassian_confluence__8.9.4",
"product_id": "CSAFPID-1645509",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__8.9.4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence__9.0.1",
"product": {
"name": "atlassian_confluence__9.0.1",
"product_id": "CSAFPID-1621161",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence__9.0.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_confluence_data_center__9.0.1",
"product": {
"name": "atlassian_confluence_data_center__9.0.1",
"product_id": "CSAFPID-1621140",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_confluence_data_center__9.0.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software__9.12.12__lts_",
"product": {
"name": "atlassian_jira_software__9.12.12__lts_",
"product_id": "CSAFPID-1621142",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software__9.12.12__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software__9.4.25__lts_",
"product": {
"name": "atlassian_jira_software__9.4.25__lts_",
"product_id": "CSAFPID-1621143",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software__9.4.25__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software_data_center__9.17.1",
"product": {
"name": "atlassian_jira_software_data_center__9.17.1",
"product_id": "CSAFPID-1621141",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software_data_center__9.17.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software_service_management__5.12.12__lts_",
"product": {
"name": "atlassian_jira_software_service_management__5.12.12__lts_",
"product_id": "CSAFPID-1621138",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software_service_management__5.12.12__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software_service_management__5.4.25__lts_",
"product": {
"name": "atlassian_jira_software_service_management__5.4.25__lts_",
"product_id": "CSAFPID-1621139",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software_service_management__5.4.25__lts_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "atlassian_jira_software_service_management_data_center__5.17.1",
"product": {
"name": "atlassian_jira_software_service_management_data_center__5.17.1",
"product_id": "CSAFPID-1621137",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:atlassian_jira_software_service_management_data_center__5.17.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "bamboo",
"product": {
"name": "bamboo",
"product_id": "CSAFPID-716889",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "bitbucket",
"product": {
"name": "bitbucket",
"product_id": "CSAFPID-1725084",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:bitbucket:-:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "confluence",
"product": {
"name": "confluence",
"product_id": "CSAFPID-551338",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "jira_software",
"product": {
"name": "jira_software",
"product_id": "CSAFPID-1725085",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:jira_software:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree",
"product": {
"name": "sourcetree",
"product_id": "CSAFPID-1724900",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree",
"product": {
"name": "sourcetree",
"product_id": "CSAFPID-1725556",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:macos:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree",
"product": {
"name": "sourcetree",
"product_id": "CSAFPID-1725557",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:windows:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree_for_mac",
"product": {
"name": "sourcetree_for_mac",
"product_id": "CSAFPID-1724286",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree_for_mac:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sourcetree_for_windows",
"product": {
"name": "sourcetree_for_windows",
"product_id": "CSAFPID-1724287",
"product_identification_helper": {
"cpe": "cpe:2.3:a:atlassian:sourcetree_for_windows:*:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "atlassian"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-38900",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-38900",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-38900.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-551338"
]
}
],
"title": "CVE-2022-38900"
},
{
"cve": "CVE-2023-46234",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"notes": [
{
"category": "other",
"text": "Improper Verification of Cryptographic Signature",
"title": "CWE-347"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46234",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46234.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-551338"
]
}
],
"title": "CVE-2023-46234"
},
{
"cve": "CVE-2023-52428",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338",
"CSAFPID-1725085",
"CSAFPID-716889"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-52428",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-551338",
"CSAFPID-1725085",
"CSAFPID-716889"
]
}
],
"title": "CVE-2023-52428"
},
{
"cve": "CVE-2024-4068",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"notes": [
{
"category": "other",
"text": "Excessive Platform Resource Consumption within a Loop",
"title": "CWE-1050"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-4068",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4068.json"
}
],
"title": "CVE-2024-4068"
},
{
"cve": "CVE-2024-21697",
"product_status": {
"known_affected": [
"CSAFPID-1724286",
"CSAFPID-1724287",
"CSAFPID-1725556",
"CSAFPID-1725557"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21697",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21697.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-1724286",
"CSAFPID-1724287",
"CSAFPID-1725556",
"CSAFPID-1725557"
]
}
],
"title": "CVE-2024-21697"
},
{
"cve": "CVE-2024-24549",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1725084",
"CSAFPID-551338"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-24549",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1725084",
"CSAFPID-551338"
]
}
],
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-30172",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1621160",
"CSAFPID-1621161",
"CSAFPID-1645509",
"CSAFPID-1645510",
"CSAFPID-551338",
"CSAFPID-1725084"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-30172",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30172.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1621160",
"CSAFPID-1621161",
"CSAFPID-1645509",
"CSAFPID-1645510",
"CSAFPID-551338",
"CSAFPID-1725084"
]
}
],
"title": "CVE-2024-30172"
},
{
"cve": "CVE-2024-34750",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Exceptional Conditions",
"title": "CWE-755"
},
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1621133",
"CSAFPID-1621135",
"CSAFPID-1621137",
"CSAFPID-1621138",
"CSAFPID-1621139",
"CSAFPID-1621140",
"CSAFPID-1621141",
"CSAFPID-1621142",
"CSAFPID-1621143",
"CSAFPID-1621163",
"CSAFPID-1645370",
"CSAFPID-1645371",
"CSAFPID-1645372",
"CSAFPID-1645373",
"CSAFPID-1645374"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34750",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1621133",
"CSAFPID-1621135",
"CSAFPID-1621137",
"CSAFPID-1621138",
"CSAFPID-1621139",
"CSAFPID-1621140",
"CSAFPID-1621141",
"CSAFPID-1621142",
"CSAFPID-1621143",
"CSAFPID-1621163",
"CSAFPID-1645370",
"CSAFPID-1645371",
"CSAFPID-1645372",
"CSAFPID-1645373",
"CSAFPID-1645374"
]
}
],
"title": "CVE-2024-34750"
},
{
"cve": "CVE-2024-38286",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-38286",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38286.json"
}
],
"title": "CVE-2024-38286"
},
{
"cve": "CVE-2024-38816",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "other",
"text": "Relative Path Traversal",
"title": "CWE-23"
}
],
"product_status": {
"known_affected": [
"CSAFPID-551338",
"CSAFPID-716889"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38816",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-551338",
"CSAFPID-716889"
]
}
],
"title": "CVE-2024-38816"
},
{
"cve": "CVE-2024-45801",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1725085"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45801",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45801.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1725085"
]
}
],
"title": "CVE-2024-45801"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-716889"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47561",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-716889"
]
}
],
"title": "CVE-2024-47561"
}
]
}
RHSA-2023:1428
Vulnerability from csaf_redhat - Published: 2023-03-23 02:16 - Updated: 2026-06-03 17:12Summary
Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.8 security and bug fix update
Severity
Important
Notes
Topic: The Migration Toolkit for Containers (MTC) 1.7.8 is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es):
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567)
* express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* ua-parser-js: ReDoS vulnerability via the trim() function (CVE-2022-25927)
* loader-utils: Regular expression denial of service (CVE-2022-37603)
* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
* jszip: directory traversal via a crafted ZIP archive (CVE-2022-48285)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* The velero image cannot be overridden in the operator (BZ#2143389)
* Adding a MigCluster from UI fails when the domain name has characters more than 6 (BZ#2152149)
* UI fails to render the 'migrations' page: "Cannot read properties of undefined (reading 'name')" (BZ#2163485)
* Creating DPA resource fails on OCP 4.6 clusters (BZ#2173742)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 | — |
Threats
Impact
Moderate
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 | — |
Threats
Impact
Moderate
A flaw was found in ua-parser-js. This issue could allow a malicious user to trigger a regular expression denial of service (ReDoS) via the trim() function.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 | — |
Threats
Impact
Moderate
A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 | — |
Threats
Impact
Moderate
A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 | — |
Threats
Impact
Important
A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the JSZip package. Affected versions of JSZip could allow a remote attacker to traverse directories on the system caused by the failure to sanitize filenames when files are loaded with `loadAsync`, which makes the library vulnerable to a Zip Slip attack. By extracting files from a specially crafted archive, an attacker could gain access to parts of the file system outside of the target folder, overwrite the executable files, and execute arbitrary commands on the system.
7.3 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 | — |
Vendor Fix
fix
|
Known not affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 | — | ||
| Unresolved product id: 8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 | — |
Threats
Impact
Moderate
References
63 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2023:1428 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2140597 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2143389 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2150323 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2152149 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2156263 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2156683 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2163485 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2165020 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2165797 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2165824 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2170644 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2173742 | external |
| https://issues.redhat.com/browse/MIG-1298 | external |
| https://issues.redhat.com/browse/MIG-1315 | external |
| https://issues.redhat.com/browse/MIG-1318 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2020-36567 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2156683 | external |
| https://www.cve.org/CVERecord?id=CVE-2020-36567 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2020-36567 | external |
| https://github.com/gin-gonic/gin/commit/a71af9c14… | external |
| https://github.com/gin-gonic/gin/pull/2237 | external |
| https://pkg.go.dev/vuln/GO-2020-0001 | external |
| https://access.redhat.com/security/cve/CVE-2022-24999 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2150323 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-24999 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-24999 | external |
| https://github.com/expressjs/express/releases/tag… | external |
| https://github.com/ljharb/qs/pull/428 | external |
| https://github.com/n8tz/CVE-2022-24999 | external |
| https://access.redhat.com/security/cve/CVE-2022-25881 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2165824 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-25881 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-25881 | external |
| https://access.redhat.com/security/cve/CVE-2022-25927 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2165020 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-25927 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-25927 | external |
| https://access.redhat.com/security/cve/CVE-2022-37603 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2140597 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-37603 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-37603 | external |
| https://access.redhat.com/security/cve/CVE-2022-38900 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2170644 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-38900 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-38900 | external |
| https://github.com/SamVerschueren/decode-uri-comp… | external |
| https://github.com/advisories/GHSA-w573-4hg7-7wgq | external |
| https://access.redhat.com/security/cve/CVE-2022-46175 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2156263 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-46175 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-46175 | external |
| https://github.com/json5/json5/security/advisorie… | external |
| https://access.redhat.com/security/cve/CVE-2022-48285 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2165797 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-48285 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-48285 | external |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | external |
| https://github.com/Stuk/jszip/commit/2edab366119c… | external |
| https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0 | external |
| https://www.mend.io/vulnerability-database/WS-2023-0004 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The Migration Toolkit for Containers (MTC) 1.7.8 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* gin: Unsanitized input in the default logger in github.com/gin-gonic/gin (CVE-2020-36567)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* ua-parser-js: ReDoS vulnerability via the trim() function (CVE-2022-25927)\n\n* loader-utils: Regular expression denial of service (CVE-2022-37603)\n\n* json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)\n\n* jszip: directory traversal via a crafted ZIP archive (CVE-2022-48285)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* The velero image cannot be overridden in the operator (BZ#2143389)\n\n* Adding a MigCluster from UI fails when the domain name has characters more than 6 (BZ#2152149)\n\n* UI fails to render the \u0027migrations\u0027 page: \"Cannot read properties of undefined (reading \u0027name\u0027)\" (BZ#2163485)\n\n* Creating DPA resource fails on OCP 4.6 clusters (BZ#2173742)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1428",
"url": "https://access.redhat.com/errata/RHSA-2023:1428"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2140597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
},
{
"category": "external",
"summary": "2143389",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2143389"
},
{
"category": "external",
"summary": "2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "2152149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152149"
},
{
"category": "external",
"summary": "2156263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
},
{
"category": "external",
"summary": "2156683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156683"
},
{
"category": "external",
"summary": "2163485",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163485"
},
{
"category": "external",
"summary": "2165020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165020"
},
{
"category": "external",
"summary": "2165797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165797"
},
{
"category": "external",
"summary": "2165824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
},
{
"category": "external",
"summary": "2170644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
},
{
"category": "external",
"summary": "2173742",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2173742"
},
{
"category": "external",
"summary": "MIG-1298",
"url": "https://issues.redhat.com/browse/MIG-1298"
},
{
"category": "external",
"summary": "MIG-1315",
"url": "https://issues.redhat.com/browse/MIG-1315"
},
{
"category": "external",
"summary": "MIG-1318",
"url": "https://issues.redhat.com/browse/MIG-1318"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1428.json"
}
],
"title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.8 security and bug fix update",
"tracking": {
"current_release_date": "2026-06-03T17:12:37+00:00",
"generator": {
"date": "2026-06-03T17:12:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:1428",
"initial_release_date": "2023-03-23T02:16:09+00:00",
"revision_history": [
{
"date": "2023-03-23T02:16:09+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-23T02:16:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-03T17:12:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-RHMTC-1.7",
"product": {
"name": "8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhmt:1.7::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Migration Toolkit"
},
{
"branches": [
{
"category": "product_version",
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"product": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.7.8-6"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"product": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"product_id": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-hook-runner-rhel8\u0026tag=v1.7.8-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"product": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.7.8-10"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"product": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.7.8-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"product": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.7.8-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"product": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.7.8-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"product": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.7.8-10"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"product": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"product_id": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.7.8-10"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"product": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.7.8-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"product": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.7.8-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"product": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.7.8-5"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.7.8-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.7.8-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.7.8-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.7.8-3"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"product": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.7.8-4"
}
}
},
{
"category": "product_version",
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64",
"product": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64",
"product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.7.8-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64"
},
"product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64"
},
"product_reference": "rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64"
},
"product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64"
},
"product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64"
},
"product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64"
},
"product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64"
},
"product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64"
},
"product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64"
},
"product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64"
},
"product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
},
"product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64"
},
"product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64 as a component of 8Base-RHMTC-1.7",
"product_id": "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
},
"product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64",
"relates_to_product_reference": "8Base-RHMTC-1.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36567",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2022-12-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2156683"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "gin: Unsanitized input in the default logger in github.com/gin-gonic/gin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-36567"
},
{
"category": "external",
"summary": "RHBZ#2156683",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156683"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-36567",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36567"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-36567",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36567"
},
{
"category": "external",
"summary": "https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d",
"url": "https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d"
},
{
"category": "external",
"summary": "https://github.com/gin-gonic/gin/pull/2237",
"url": "https://github.com/gin-gonic/gin/pull/2237"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2020-0001",
"url": "https://pkg.go.dev/vuln/GO-2020-0001"
}
],
"release_date": "2022-12-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T02:16:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "gin: Unsanitized input in the default logger in github.com/gin-gonic/gin"
},
{
"cve": "CVE-2022-24999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-12-02T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150323"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: \"qs\" prototype poisoning causes the hang of the node process",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24999"
},
{
"category": "external",
"summary": "RHBZ#2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/releases/tag/4.17.3",
"url": "https://github.com/expressjs/express/releases/tag/4.17.3"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/pull/428",
"url": "https://github.com/ljharb/qs/pull/428"
},
{
"category": "external",
"summary": "https://github.com/n8tz/CVE-2022-24999",
"url": "https://github.com/n8tz/CVE-2022-24999"
}
],
"release_date": "2022-11-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T02:16:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: \"qs\" prototype poisoning causes the hang of the node process"
},
{
"cve": "CVE-2022-25881",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2023-01-31T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2165824"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact of a succesfull exploiation of this vulnerability will only lead to a denial of service of the system,furthermore the exploitation will require an attacker to specifically craft a regular expression patterns in request headers (i.e. nontrivial input) that trigger pathological regex behavior but since most systems will have limits on header sizes or input validation that reduce the risk of triggering the extreme pathological regex cases which is why this has been marked as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25881"
},
{
"category": "external",
"summary": "RHBZ#2165824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T02:16:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability"
},
{
"cve": "CVE-2022-25927",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2023-01-27T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2165020"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ua-parser-js. This issue could allow a malicious user to trigger a regular expression denial of service (ReDoS) via the trim() function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ua-parser-js: ReDoS vulnerability via the trim() function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25927"
},
{
"category": "external",
"summary": "RHBZ#2165020",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165020"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25927"
}
],
"release_date": "2023-01-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T02:16:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ua-parser-js: ReDoS vulnerability via the trim() function"
},
{
"cve": "CVE-2022-37603",
"cwe": {
"id": "CWE-185",
"name": "Incorrect Regular Expression"
},
"discovery_date": "2022-11-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2140597"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in loader-utils webpack library. When the url variable from interpolateName is set, the prototype can be polluted. This issue could lead to a regular expression Denial of Service (ReDoS), affecting the availability of the affected component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "loader-utils: Regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-37603"
},
{
"category": "external",
"summary": "RHBZ#2140597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-37603",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37603"
}
],
"release_date": "2022-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T02:16:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "loader-utils: Regular expression denial of service"
},
{
"cve": "CVE-2022-38900",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-16T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170644"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "decode-uri-component: improper input validation resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38900"
},
{
"category": "external",
"summary": "RHBZ#2170644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900"
},
{
"category": "external",
"summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5",
"url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
"url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq"
}
],
"release_date": "2022-11-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T02:16:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "decode-uri-component: improper input validation resulting in DoS"
},
{
"cve": "CVE-2022-46175",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-12-26T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2156263"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the json5 package. The affected version of the json5 package could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json5: Prototype Pollution in JSON5 via Parse Method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The json5 package is a build-time dependency in Red Hat products and is not used in production runtime. Hence, the impact is set to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-46175"
},
{
"category": "external",
"summary": "RHBZ#2156263",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156263"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46175"
},
{
"category": "external",
"summary": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h",
"url": "https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h"
}
],
"release_date": "2022-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T02:16:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "json5: Prototype Pollution in JSON5 via Parse Method"
},
{
"cve": "CVE-2022-48285",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2023-01-31T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2165797"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the JSZip package. Affected versions of JSZip could allow a remote attacker to traverse directories on the system caused by the failure to sanitize filenames when files are loaded with `loadAsync`, which makes the library vulnerable to a Zip Slip attack. By extracting files from a specially crafted archive, an attacker could gain access to parts of the file system outside of the target folder, overwrite the executable files, and execute arbitrary commands on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jszip: directory traversal via a crafted ZIP archive",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"known_not_affected": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-48285"
},
{
"category": "external",
"summary": "RHBZ#2165797",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165797"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-48285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48285"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-48285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48285"
},
{
"category": "external",
"summary": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244499",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/244499"
},
{
"category": "external",
"summary": "https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15",
"url": "https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15"
},
{
"category": "external",
"summary": "https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0",
"url": "https://github.com/Stuk/jszip/compare/v3.7.1...v3.8.0"
},
{
"category": "external",
"summary": "https://www.mend.io/vulnerability-database/WS-2023-0004",
"url": "https://www.mend.io/vulnerability-database/WS-2023-0004"
}
],
"release_date": "2023-01-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-23T02:16:09+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1428"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:5bd15eedeaa345b05580d154819e813bde9feb60e99a5f5f03187c43205f7d0f_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-hook-runner-rhel8@sha256:61f534bd9ce8b65cc9111336e4db1d57a0e7f0a614094ee25b4532324a8bfe71_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:9213e3ca5be9a82934b910c188626a45f9f1265d032251e3337083ecf41c7bde_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:85b1795ccbe0f13810605b579ebd25a8bc3a41f25a0c6b98df654eb894e559b8_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:79741d28197747559160fe140258eb3c5bf5b42351ad88b2f00642eba2180fee_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:10c90d8813b9045bde25cac6cc0cbd1de8095be3ea353c07ba77ca13ee561165_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:9e0d9d0d4acaf95c553d1c23ec62161554a24fd8b2a6d9d50bad8cb4d8da7229_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:24afdf147e24a631d8f4267d0594bf15db8a024bd1a86b49189c1d4c01acd5e5_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:fc0422805208ff6b659ff190837f4dd8ce589b6862d7abd2c5d649b47271f6f9_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:70676a347e14d1a4d2c5dc2259c73a7348401eb51c16c0dcd62b78326b2d9e1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:6da0fcb9118ff62926e16dcd0146c85ab0972cd7e304027032bf925b7bde4dd0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:8c196e46603987091fac589001c805708f9f8d243c00f828938bbcca132d52a0_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2dca85c9f00468f63d741c2133457122ebb148c6580c055174d5e6b9daaa33e2_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:8341be8ea6d3f65544829158f007c15865165fb590e43f0928ad22bcedeed870_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:5837e38d784cf83e06b343dfbfc10f250cf399b6af810a8f584f7aadb5258a1b_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:b4102f9a94d6a539e695a446f59c9395287b53c10ccd4a2a274feec40c6e0368_amd64",
"8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:d6958eee44939ace90ddadc33f60a5cee1ce30ec97a65aeea4ec5788aaf08d94_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jszip: directory traversal via a crafted ZIP archive"
}
]
}
RHSA-2023:1533
Vulnerability from csaf_redhat - Published: 2023-03-30 13:06 - Updated: 2026-06-03 17:12Summary
Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update
Severity
Important
Notes
Topic: An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (14.21.3).
Security Fix(es):
* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)
* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* minimist: prototype pollution (CVE-2021-44906)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
* express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)
* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)
* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.
CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
8.6 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CLRF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
6.5 (Medium)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.
4.2 (Medium)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14 | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
70 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2023:1533 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2066009 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2130518 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2134609 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2140911 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2142823 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2150323 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2156324 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2165824 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2168631 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2170644 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2171935 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2172217 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2175828 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2021-35065 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2156324 | external |
| https://www.cve.org/CVERecord?id=CVE-2021-35065 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2021-35065 | external |
| https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-… | external |
| https://access.redhat.com/security/cve/CVE-2021-44906 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2066009 | external |
| https://www.cve.org/CVERecord?id=CVE-2021-44906 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2021-44906 | external |
| https://github.com/advisories/GHSA-xvch-5gv4-984h | external |
| https://access.redhat.com/security/cve/CVE-2022-3517 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2134609 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-3517 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-3517 | external |
| https://access.redhat.com/security/cve/CVE-2022-4904 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2168631 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-4904 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-4904 | external |
| https://github.com/c-ares/c-ares/issues/496 | external |
| https://access.redhat.com/security/cve/CVE-2022-24999 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2150323 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-24999 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-24999 | external |
| https://github.com/expressjs/express/releases/tag… | external |
| https://github.com/ljharb/qs/pull/428 | external |
| https://github.com/n8tz/CVE-2022-24999 | external |
| https://access.redhat.com/security/cve/CVE-2022-25881 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2165824 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-25881 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-25881 | external |
| https://access.redhat.com/security/cve/CVE-2022-35256 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2130518 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-35256 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-35256 | external |
| https://nodejs.org/en/blog/vulnerability/septembe… | external |
| https://access.redhat.com/security/cve/CVE-2022-38900 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2170644 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-38900 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-38900 | external |
| https://github.com/SamVerschueren/decode-uri-comp… | external |
| https://github.com/advisories/GHSA-w573-4hg7-7wgq | external |
| https://access.redhat.com/security/cve/CVE-2022-43548 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2140911 | external |
| https://www.cve.org/CVERecord?id=CVE-2022-43548 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-43548 | external |
| https://nodejs.org/en/blog/vulnerability/november… | external |
| https://access.redhat.com/security/cve/CVE-2023-23918 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2171935 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-23918 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-23918 | external |
| https://access.redhat.com/security/cve/CVE-2023-23920 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2172217 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-23920 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-23920 | external |
Acknowledgments
VVX7
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (14.21.3).\n\nSecurity Fix(es):\n\n* decode-uri-component: improper input validation resulting in DoS (CVE-2022-38900)\n\n* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)\n\n* minimist: prototype pollution (CVE-2021-44906)\n\n* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)\n\n* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)\n\n* express: \"qs\" prototype poisoning causes the hang of the node process (CVE-2022-24999)\n\n* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)\n\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n\n* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)\n\n* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)\n\n* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:1533",
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "2130518",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518"
},
{
"category": "external",
"summary": "2134609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609"
},
{
"category": "external",
"summary": "2140911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911"
},
{
"category": "external",
"summary": "2142823",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2142823"
},
{
"category": "external",
"summary": "2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "2156324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
},
{
"category": "external",
"summary": "2165824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
},
{
"category": "external",
"summary": "2168631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
},
{
"category": "external",
"summary": "2170644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
},
{
"category": "external",
"summary": "2171935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
},
{
"category": "external",
"summary": "2172217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
},
{
"category": "external",
"summary": "2175828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2175828"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1533.json"
}
],
"title": "Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2026-06-03T17:12:37+00:00",
"generator": {
"date": "2026-06-03T17:12:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2023:1533",
"initial_release_date": "2023-03-30T13:06:07+00:00",
"revision_history": [
{
"date": "2023-03-30T13:06:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-03-30T13:06:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-03T17:12:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"product": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src (nodejs:14)",
"product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=src\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"product": {
"name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src (nodejs:14)",
"product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=src\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"product": {
"name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src (nodejs:14)",
"product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=src\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"product": {
"name": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch (nodejs:14)",
"product_id": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-docs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"product": {
"name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch (nodejs:14)",
"product_id": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-nodemon@2.0.20-3.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=noarch\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"product": {
"name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch (nodejs:14)",
"product_id": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-packaging@23-3.module%2Bel8.3.0%2B6519%2B9f98ed83?arch=noarch\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14)",
"product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14)",
"product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14)",
"product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14)",
"product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14)",
"product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14)",
"product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14)",
"product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14)",
"product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14)",
"product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14)",
"product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14)",
"product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14)",
"product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14)",
"product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14)",
"product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14)",
"product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14)",
"product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14)",
"product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14)",
"product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14)",
"product_id": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14)",
"product_id": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debuginfo@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14)",
"product_id": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-debugsource@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14)",
"product_id": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-devel@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14)",
"product_id": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs-full-i18n@14.21.3-1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
},
{
"category": "product_version",
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14)",
"product_id": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/npm@6.14.18-1.14.21.3.1.module%2Bel8.4.0%2B18317%2B43f5ac16?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:14:8040020230306170312:522a0ee4"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14"
},
"product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14"
},
"product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14"
},
"product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14"
},
"product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
},
"product_reference": "nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14"
},
"product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14"
},
"product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14"
},
"product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
},
"product_reference": "nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14"
},
"product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14"
},
"product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14"
},
"product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
},
"product_reference": "nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14"
},
"product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14"
},
"product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14"
},
"product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
},
"product_reference": "nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14"
},
"product_reference": "nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14"
},
"product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14"
},
"product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14"
},
"product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
},
"product_reference": "nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14"
},
"product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14"
},
"product_reference": "nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14"
},
"product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14"
},
"product_reference": "nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14"
},
"product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14"
},
"product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14"
},
"product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64 (nodejs:14) as a component of Red Hat Enterprise Linux AppStream EUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
},
"product_reference": "npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-35065",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-12-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2156324"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob-parent: Regular Expression Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The glob-parent package is a transitive dependency and this is not used directly in any of the Red Hat products. Hence, the impact is reduced to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-35065"
},
{
"category": "external",
"summary": "RHBZ#2156324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2156324"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-35065",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35065"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294",
"url": "https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294"
}
],
"release_date": "2022-12-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glob-parent: Regular Expression Denial of Service"
},
{
"cve": "CVE-2021-44906",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2066009"
}
],
"notes": [
{
"category": "description",
"text": "An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw (CVE-2021-44906) allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimist: prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "As minimist is an argument parsing module for nodejs, exploitation of this vulnerability requires an attacker to influence which arguments are passed to nodejs when running a script. Red Hat products and services are designed in such a way that gaining this ability is not trivial. Additionally, the impact is limited by only enabling the pollution of functions, and not all generic objects.\n\nWithin Red Hat Satellite 6 this flaw has been rated as having a security impact of Low. It is not currently planned to be addressed there, as the minimist library is only included in the -doc subpackage and is part of test fixtures that are not in the execution path used by the rabl gem.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-44906"
},
{
"category": "external",
"summary": "RHBZ#2066009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2066009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44906"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-xvch-5gv4-984h",
"url": "https://github.com/advisories/GHSA-xvch-5gv4-984h"
}
],
"release_date": "2022-03-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimist: prototype pollution"
},
{
"cve": "CVE-2022-3517",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2022-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2134609"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-minimatch: ReDoS via the braceExpand function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-3517"
},
{
"category": "external",
"summary": "RHBZ#2134609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2134609"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3517"
}
],
"release_date": "2022-02-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-minimatch: ReDoS via the braceExpand function"
},
{
"cve": "CVE-2022-4904",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2023-02-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2168631"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "c-ares: buffer overflow in config_sortlist() due to missing string length check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability is not important but moderate because exploiting the vulnerability can lead to a disruption of the availability of an application, yet doesn\u2019t compromise data integrity or confidentiality. The opportunity for disruption is further limited due to the requirement that an application allows an attacker to be able to input both untrusted and unvalidated data. Exploiting this flaw requires an application to use the library in such a way that would allow untrusted and unvalidated input to be passed directly to ares_set_sortlist by an attacker. In the event that this is able to occur, the impact to RHEL is limited to a crash of the application due to the protections offered by default in RHEL systems such as Stack Smashing Protection (SSP).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-4904"
},
{
"category": "external",
"summary": "RHBZ#2168631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2168631"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-4904",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4904"
},
{
"category": "external",
"summary": "https://github.com/c-ares/c-ares/issues/496",
"url": "https://github.com/c-ares/c-ares/issues/496"
}
],
"release_date": "2022-12-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "c-ares: buffer overflow in config_sortlist() due to missing string length check"
},
{
"cve": "CVE-2022-24999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2022-12-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2150323"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: \"qs\" prototype poisoning causes the hang of the node process",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won\u0027t fix. \n- In OpenShift Service Mesh, \u0027qs\u0027 is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-24999"
},
{
"category": "external",
"summary": "RHBZ#2150323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-24999",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24999"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24999"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/releases/tag/4.17.3",
"url": "https://github.com/expressjs/express/releases/tag/4.17.3"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/pull/428",
"url": "https://github.com/ljharb/qs/pull/428"
},
{
"category": "external",
"summary": "https://github.com/n8tz/CVE-2022-24999",
"url": "https://github.com/n8tz/CVE-2022-24999"
}
],
"release_date": "2022-11-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: \"qs\" prototype poisoning causes the hang of the node process"
},
{
"cve": "CVE-2022-25881",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2023-01-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2165824"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact of a succesfull exploiation of this vulnerability will only lead to a denial of service of the system,furthermore the exploitation will require an attacker to specifically craft a regular expression patterns in request headers (i.e. nontrivial input) that trigger pathological regex behavior but since most systems will have limits on header sizes or input validation that reduce the risk of triggering the extreme pathological regex cases which is why this has been marked as moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-25881"
},
{
"category": "external",
"summary": "RHBZ#2165824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881"
}
],
"release_date": "2023-01-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability"
},
{
"acknowledgments": [
{
"names": [
"VVX7"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2022-35256",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2022-09-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2130518"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in NodeJS due to improper validation of HTTP requests. The llhttp parser in the HTTP module in Node.js does not correctly handle header fields that are not terminated with CLRF. This issue may result in HTTP Request Smuggling. This flaw allows a remote attacker to send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-35256"
},
{
"category": "external",
"summary": "RHBZ#2130518",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2130518"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-35256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256",
"url": "https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256"
}
],
"release_date": "2022-09-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: HTTP Request Smuggling due to incorrect parsing of header fields"
},
{
"cve": "CVE-2022-38900",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2023-02-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2170644"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in decode-uri-component. This issue occurs due to a specially crafted input, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "decode-uri-component: improper input validation resulting in DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For OpenShift Container Platform (OCP), Advanced Clusters Management for Kubernetes (ACM) and Advanced Cluster Security (ACS), the NPM decode-uri-component package is only present in source repositories as a development dependency, it is not used in production. Therefore this vulnerability is rated Low for OCP and ACS.\n\nIn Red Hat OpenShift Logging the openshift-logging/kibana6-rhel8 container bundles many nodejs packages as a build time dependencies, including the decode-uri-component package. \nThe vulnerable code is not used, hence the impact to OpenShift Logging by this vulnerability is Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-38900"
},
{
"category": "external",
"summary": "RHBZ#2170644",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170644"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38900"
},
{
"category": "external",
"summary": "https://github.com/SamVerschueren/decode-uri-component/issues/5",
"url": "https://github.com/SamVerschueren/decode-uri-component/issues/5"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-w573-4hg7-7wgq",
"url": "https://github.com/advisories/GHSA-w573-4hg7-7wgq"
}
],
"release_date": "2022-11-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "decode-uri-component: improper input validation resulting in DoS"
},
{
"cve": "CVE-2022-43548",
"cwe": {
"id": "CWE-350",
"name": "Reliance on Reverse DNS Resolution for a Security-Critical Action"
},
"discovery_date": "2022-11-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2140911"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: DNS rebinding in inspect via invalid octal IP address",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Redhat has marked this vulnerability as moderate for two primary reasons.\n1. The vulnerable inspect functionality might not be enabled, exposed, or reachable in many deployments.\n\n2.The code path might require very specific configurations or conditions (e.g. DNS rebinding, certain host/IP setups) that are rare in default environments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-43548"
},
{
"category": "external",
"summary": "RHBZ#2140911",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140911"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548",
"url": "https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548"
}
],
"release_date": "2022-11-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: DNS rebinding in inspect via invalid octal IP address"
},
{
"cve": "CVE-2023-23918",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2171935"
}
],
"notes": [
{
"category": "description",
"text": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Permissions policies can be bypassed via process.mainModule",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in question can only be triggered by an attacker if the victim has enabled --experimental-policy which in many node.js deployments won\u0027t ,which marks the conditions for exploitability outside of the attacker\u0027s control.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-23918"
},
{
"category": "external",
"summary": "RHBZ#2171935",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171935"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
}
],
"release_date": "2023-02-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
},
{
"category": "workaround",
"details": "Turn off the --experimental-policy in your Node.js deployment.",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Permissions policies can be bypassed via process.mainModule"
},
{
"cve": "CVE-2023-23920",
"cwe": {
"id": "CWE-426",
"name": "Untrusted Search Path"
},
"discovery_date": "2023-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2172217"
}
],
"notes": [
{
"category": "description",
"text": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: insecure loading of ICU data through ICU_DATA environment variable",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-23920"
},
{
"category": "external",
"summary": "RHBZ#2172217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2172217"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
}
],
"release_date": "2023-02-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-30T13:06:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:1533"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debuginfo-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-debugsource-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-devel-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-docs-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-full-i18n-1:14.21.3-1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-nodemon-0:2.0.20-3.module+el8.4.0+18317+43f5ac16.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.noarch::nodejs:14",
"AppStream-8.4.0.Z.EUS:nodejs-packaging-0:23-3.module+el8.3.0+6519+9f98ed83.src::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.aarch64::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.ppc64le::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.s390x::nodejs:14",
"AppStream-8.4.0.Z.EUS:npm-1:6.14.18-1.14.21.3.1.module+el8.4.0+18317+43f5ac16.x86_64::nodejs:14"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Node.js: insecure loading of ICU data through ICU_DATA environment variable"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…