Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-45590 (GCVE-0-2024-45590)
Vulnerability from cvelistv5 – Published: 2024-09-10 15:54 – Updated: 2024-09-10 18:47
VLAI
EPSS
Title
body-parser vulnerable to denial of service when url encoding is enabled
Summary
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/expressjs/body-parser/security… | x_refsource_CONFIRM |
| https://github.com/expressjs/body-parser/commit/b… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| expressjs | body-parser |
Affected:
< 1.20.3
|
|
| expressjs | body-parser |
Affected:
0 , < 1.20.3
(custom)
cpe:2.3:a:expressjs:body-parser:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:expressjs:body-parser:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "body-parser",
"vendor": "expressjs",
"versions": [
{
"lessThan": "1.20.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45590",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T18:42:41.773305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T18:47:22.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "body-parser",
"vendor": "expressjs",
"versions": [
{
"status": "affected",
"version": "\u003c 1.20.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "body-parser is Node.js body parsing middleware. body-parser \u003c1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-405",
"description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T15:54:02.330Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
},
{
"name": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
}
],
"source": {
"advisory": "GHSA-qwcr-r2fm-qrc7",
"discovery": "UNKNOWN"
},
"title": "body-parser vulnerable to denial of service when url encoding is enabled"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45590",
"datePublished": "2024-09-10T15:54:02.330Z",
"dateReserved": "2024-09-02T16:00:02.422Z",
"dateUpdated": "2024-09-10T18:47:22.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-45590",
"date": "2026-06-04",
"epss": "0.01387",
"percentile": "0.80667"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-45590\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-09-10T16:15:21.083\",\"lastModified\":\"2024-09-20T16:26:44.977\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"body-parser is Node.js body parsing middleware. body-parser \u003c1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.\"},{\"lang\":\"es\",\"value\":\"body-parser es un middleware de an\u00e1lisis de cuerpo de Node.js. body-parser en versiones anteriores a la 1.20.3 es vulnerable a la denegaci\u00f3n de servicio cuando la codificaci\u00f3n de URL est\u00e1 habilitada. Un actor malintencionado que utilice un payload especialmente manipulado podr\u00eda inundar el servidor con una gran cantidad de solicitudes, lo que provocar\u00eda una denegaci\u00f3n de servicio. Este problema se solucion\u00f3 en la versi\u00f3n 1.20.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-405\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openjsf:body-parser:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"1.20.3\",\"matchCriteriaId\":\"42A6B188-985D-4F15-B31B-46D67F4E3F07\"}]}]}],\"references\":[{\"url\":\"https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45590\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T18:42:41.773305Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:expressjs:body-parser:*:*:*:*:*:*:*:*\"], \"vendor\": \"expressjs\", \"product\": \"body-parser\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.20.3\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-10T18:45:10.928Z\"}}], \"cna\": {\"title\": \"body-parser vulnerable to denial of service when url encoding is enabled\", \"source\": {\"advisory\": \"GHSA-qwcr-r2fm-qrc7\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"expressjs\", \"product\": \"body-parser\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.20.3\"}]}], \"references\": [{\"url\": \"https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7\", \"name\": \"https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce\", \"name\": \"https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"body-parser is Node.js body parsing middleware. body-parser \u003c1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-405\", \"description\": \"CWE-405: Asymmetric Resource Consumption (Amplification)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-09-10T15:54:02.330Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-45590\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-10T18:47:22.965Z\", \"dateReserved\": \"2024-09-02T16:00:02.422Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-09-10T15:54:02.330Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2025-AVI-0233
Vulnerability from certfr_avis - Published: 2025-03-21 - Updated: 2025-03-21
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Control Center | Sterling Control Center versions 6.2.1.x antérieures à 6.2.1.0 iFix15 | ||
| IBM | Qradar Advisor | Qradar Advisor versions antérieures à 2.6.6 | ||
| IBM | AIX | AIX versions 7.2.x et 7.3.x sans les derniers correctifs de sécurité |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Control Center versions 6.2.1.x ant\u00e9rieures \u00e0 \t\n6.2.1.0 iFix15",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Qradar Advisor versions ant\u00e9rieures \u00e0 2.6.6",
"product": {
"name": "Qradar Advisor",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.2.x et 7.3.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-38986",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38986"
},
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2024-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
},
{
"name": "CVE-2024-34069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2024-1135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2024-56347",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56347"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-28439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28439"
},
{
"name": "CVE-2023-46136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2012-5784",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5784"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2018-8032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8032"
},
{
"name": "CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"name": "CVE-2024-4340",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4340"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2019-0227",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0227"
},
{
"name": "CVE-2024-56346",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56346"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2014-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3596"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2024-1681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1681"
},
{
"name": "CVE-2024-6221",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6221"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2022-22321",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22321"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
}
],
"initial_release_date": "2025-03-21T00:00:00",
"last_revision_date": "2025-03-21T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0233",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7186423",
"url": "https://www.ibm.com/support/pages/node/7186423"
},
{
"published_at": "2025-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7192736",
"url": "https://www.ibm.com/support/pages/node/7192736"
},
{
"published_at": "2025-03-18",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7186621",
"url": "https://www.ibm.com/support/pages/node/7186621"
}
]
}
CERTFR-2025-AVI-0356
Vulnerability from certfr_avis - Published: 2025-04-30 - Updated: 2025-04-30
De multiples vulnérabilités ont été découvertes dans les produits Splunk User Behavior Analytics (UBA). Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Splunk | Splunk User Behavior Analytics (UBA) | Splunk User Behavior Analytics (UBA) versions 5.4.x antérieures à 5.4.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Splunk User Behavior Analytics (UBA) versions 5.4.x ant\u00e9rieures \u00e0 5.4.2",
"product": {
"name": "Splunk User Behavior Analytics (UBA)",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2020-26137",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
},
{
"name": "CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"name": "CVE-2019-11236",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2022-40898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40898"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
}
],
"initial_release_date": "2025-04-30T00:00:00",
"last_revision_date": "2025-04-30T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0356",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk User Behavior Analytics (UBA). Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Splunk User Behavior Analytics (UBA)",
"vendor_advisories": [
{
"published_at": "2025-04-29",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0418",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0418"
}
]
}
CERTFR-2025-AVI-0546
Vulnerability from certfr_avis - Published: 2025-06-27 - Updated: 2025-06-27
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | WebSphere | WebSphere Application Server versions 8.5.x sans les derniers correctifs de sécurité | ||
| IBM | WebSphere Service Registry and Repository | WebSphere Service Registry and Repository sans les derniers correctifs de sécurité | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web services versions 6.4.x antérieures à 6.4.0.3 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.0.x sans les derniers correctifs de sécurité | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web services versions 6.3.x antérieures à 6.3.0.14 | ||
| IBM | Spectrum | Spectrum Protect Plus versions 10.1.x antérieures à 10.1.17.1 | ||
| IBM | QRadar | QRadar Hub versions antérieures à 3.8.3 | ||
| IBM | AIX | AIX versions 7.3.x sans les derniers correctif de sécurité | ||
| IBM | Db2 | DB2 Data Management Console pour CPD versions antérieures à 4.8.7 | ||
| IBM | QRadar Deployment Intelligence App | QRadar Deployment Intelligence App versions antérieures à 3.0.17 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere Application Server versions 8.5.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Service Registry and Repository sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere Service Registry and Repository",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web services versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.3",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.14",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.17.1",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Hub versions ant\u00e9rieures \u00e0 3.8.3",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.3.x sans les derniers correctif de s\u00e9curit\u00e9",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console pour CPD versions ant\u00e9rieures \u00e0 4.8.7",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.17",
"product": {
"name": "QRadar Deployment Intelligence App",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-25577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
},
{
"name": "CVE-2023-23934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
},
{
"name": "CVE-2024-34069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2020-29651",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29651"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-8305",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8305"
},
{
"name": "CVE-2023-1409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1409"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2024-7553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7553"
},
{
"name": "CVE-2024-36124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36124"
},
{
"name": "CVE-2024-56406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2024-8207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8207"
},
{
"name": "CVE-2024-3372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3372"
},
{
"name": "CVE-2025-33214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33214"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-46136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2019-20916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
},
{
"name": "CVE-2020-7789",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7789"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"name": "CVE-2025-41232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-1077",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1077"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2022-42969",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
},
{
"name": "CVE-2023-30861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2024-56334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56334"
},
{
"name": "CVE-2020-28493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
},
{
"name": "CVE-2024-6375",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6375"
},
{
"name": "CVE-2025-36038",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36038"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
}
],
"initial_release_date": "2025-06-27T00:00:00",
"last_revision_date": "2025-06-27T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0546",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238297",
"url": "https://www.ibm.com/support/pages/node/7238297"
},
{
"published_at": "2025-06-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237702",
"url": "https://www.ibm.com/support/pages/node/7237702"
},
{
"published_at": "2025-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7237967",
"url": "https://www.ibm.com/support/pages/node/7237967"
},
{
"published_at": "2025-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238168",
"url": "https://www.ibm.com/support/pages/node/7238168"
},
{
"published_at": "2025-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238156",
"url": "https://www.ibm.com/support/pages/node/7238156"
},
{
"published_at": "2025-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238155",
"url": "https://www.ibm.com/support/pages/node/7238155"
},
{
"published_at": "2025-06-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238295",
"url": "https://www.ibm.com/support/pages/node/7238295"
},
{
"published_at": "2025-06-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7238159",
"url": "https://www.ibm.com/support/pages/node/7238159"
}
]
}
CERTFR-2025-AVI-0661
Vulnerability from certfr_avis - Published: 2025-08-07 - Updated: 2025-08-07
De multiples vulnérabilités ont été découvertes dans les produits Splunk. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "AppDynamics Cluster Agent versions ant\u00e9rieures \u00e0 25.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
},
{
"description": " AppDynamics On-Premise Enterprise Console versions ant\u00e9rieures \u00e0 25.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Splunk",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-30681",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30681"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2022-48564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
},
{
"name": "CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"name": "CVE-2025-30689",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30689"
},
{
"name": "CVE-2025-30715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30715"
},
{
"name": "CVE-2025-30682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30682"
},
{
"name": "CVE-2025-21500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21500"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2025-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21503"
},
{
"name": "CVE-2025-21543",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21543"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2024-47601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47601"
},
{
"name": "CVE-2025-21519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21519"
},
{
"name": "CVE-2024-47544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47544"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2024-47538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47538"
},
{
"name": "CVE-2024-47545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47545"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2022-38398",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38398"
},
{
"name": "CVE-2025-30703",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30703"
},
{
"name": "CVE-2025-21505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21505"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2024-4761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4761"
},
{
"name": "CVE-2025-21501",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21501"
},
{
"name": "CVE-2024-47596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47596"
},
{
"name": "CVE-2022-48285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48285"
},
{
"name": "CVE-2019-9674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9674"
},
{
"name": "CVE-2025-30696",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30696"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2020-10650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
},
{
"name": "CVE-2025-21584",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21584"
},
{
"name": "CVE-2022-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0391"
},
{
"name": "CVE-2020-36189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2023-34462",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
},
{
"name": "CVE-2018-3824",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3824"
},
{
"name": "CVE-2024-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7246"
},
{
"name": "CVE-2024-47602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47602"
},
{
"name": "CVE-2021-20190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-47541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47541"
},
{
"name": "CVE-2024-47774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47774"
},
{
"name": "CVE-2023-50186",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50186"
},
{
"name": "CVE-2024-47599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47599"
},
{
"name": "CVE-2024-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47606"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2024-47540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47540"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2023-0833",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0833"
},
{
"name": "CVE-2024-47542",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47542"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2025-30683",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30683"
},
{
"name": "CVE-2025-30699",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30699"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2025-21531",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21531"
},
{
"name": "CVE-2023-35116",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
},
{
"name": "CVE-2025-21555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21555"
},
{
"name": "CVE-2024-47546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47546"
},
{
"name": "CVE-2024-47607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47607"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2019-14439",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
},
{
"name": "CVE-2025-21574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21574"
},
{
"name": "CVE-2025-27888",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27888"
},
{
"name": "CVE-2024-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47537"
},
{
"name": "CVE-2025-21580",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21580"
},
{
"name": "CVE-2024-52979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52979"
},
{
"name": "CVE-2025-21575",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21575"
},
{
"name": "CVE-2023-6992",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6992"
},
{
"name": "CVE-2025-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21540"
},
{
"name": "CVE-2025-21577",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21577"
},
{
"name": "CVE-2024-47778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47778"
},
{
"name": "CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"name": "CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"name": "CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"name": "CVE-2018-12022",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
},
{
"name": "CVE-2018-5968",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
},
{
"name": "CVE-2024-47777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47777"
},
{
"name": "CVE-2025-30705",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30705"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2024-47543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47543"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2024-47600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47600"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2025-30684",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30684"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-21579",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21579"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2025-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21490"
},
{
"name": "CVE-2024-47835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47835"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2024-47597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47597"
},
{
"name": "CVE-2025-21520",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21520"
},
{
"name": "CVE-2024-47539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47539"
},
{
"name": "CVE-2021-23413",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23413"
},
{
"name": "CVE-2023-6378",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
},
{
"name": "CVE-2022-4899",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4899"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2022-40146",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40146"
},
{
"name": "CVE-2025-30721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30721"
},
{
"name": "CVE-2022-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
},
{
"name": "CVE-2019-10172",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
},
{
"name": "CVE-2025-21491",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21491"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2021-42550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
},
{
"name": "CVE-2025-30687",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30687"
},
{
"name": "CVE-2024-47598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47598"
},
{
"name": "CVE-2024-47603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47603"
},
{
"name": "CVE-2022-38648",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38648"
},
{
"name": "CVE-2025-21529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21529"
},
{
"name": "CVE-2025-21559",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21559"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2025-21523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21523"
},
{
"name": "CVE-2025-21518",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21518"
},
{
"name": "CVE-2025-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30704"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2024-47615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47615"
},
{
"name": "CVE-2025-30693",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30693"
},
{
"name": "CVE-2025-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21585"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2025-21497",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21497"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2024-47776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47776"
},
{
"name": "CVE-2024-47834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47834"
},
{
"name": "CVE-2024-47775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47775"
},
{
"name": "CVE-2025-21581",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21581"
},
{
"name": "CVE-2025-30685",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30685"
},
{
"name": "CVE-2025-30695",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30695"
},
{
"name": "CVE-2025-30688",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30688"
},
{
"name": "CVE-2025-21522",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21522"
},
{
"name": "CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"name": "CVE-2025-21546",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21546"
},
{
"name": "CVE-2024-51504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2022-41704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41704"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
}
],
"initial_release_date": "2025-08-07T00:00:00",
"last_revision_date": "2025-08-07T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0661",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
"vendor_advisories": [
{
"published_at": "2025-08-06",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0802",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0802"
},
{
"published_at": "2025-08-06",
"title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2025-0801",
"url": "https://advisory.splunk.com/advisories/SVD-2025-0801"
}
]
}
FKIE_CVE-2024-45590
Vulnerability from fkie_nvd - Published: 2024-09-10 16:15 - Updated: 2024-09-20 16:26
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openjsf | body-parser | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openjsf:body-parser:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "42A6B188-985D-4F15-B31B-46D67F4E3F07",
"versionEndExcluding": "1.20.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "body-parser is Node.js body parsing middleware. body-parser \u003c1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3."
},
{
"lang": "es",
"value": "body-parser es un middleware de an\u00e1lisis de cuerpo de Node.js. body-parser en versiones anteriores a la 1.20.3 es vulnerable a la denegaci\u00f3n de servicio cuando la codificaci\u00f3n de URL est\u00e1 habilitada. Un actor malintencionado que utilice un payload especialmente manipulado podr\u00eda inundar el servidor con una gran cantidad de solicitudes, lo que provocar\u00eda una denegaci\u00f3n de servicio. Este problema se solucion\u00f3 en la versi\u00f3n 1.20.3."
}
],
"id": "CVE-2024-45590",
"lastModified": "2024-09-20T16:26:44.977",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-10T16:15:21.083",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-405"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-QWCR-R2FM-QRC7
Vulnerability from github – Published: 2024-09-10 15:52 – Updated: 2024-09-10 19:01
VLAI
Summary
body-parser vulnerable to denial of service when url encoding is enabled
Details
Impact
body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service.
Patches
this issue is patched in 1.20.3
References
Severity
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "body-parser"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-45590"
],
"database_specific": {
"cwe_ids": [
"CWE-405"
],
"github_reviewed": true,
"github_reviewed_at": "2024-09-10T15:52:39Z",
"nvd_published_at": "2024-09-10T16:15:21Z",
"severity": "HIGH"
},
"details": "### Impact\n\nbody-parser \u003c1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service.\n\n### Patches\n\nthis issue is patched in 1.20.3\n\n### References\n",
"id": "GHSA-qwcr-r2fm-qrc7",
"modified": "2024-09-10T19:01:08Z",
"published": "2024-09-10T15:52:39Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590"
},
{
"type": "WEB",
"url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
},
{
"type": "PACKAGE",
"url": "https://github.com/expressjs/body-parser"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "body-parser vulnerable to denial of service when url encoding is enabled"
}
MSRC_CVE-2024-45590
Vulnerability from csaf_microsoft - Published: 2024-09-01 07:00 - Updated: 2026-02-18 02:30Summary
body-parser vulnerable to denial of service when url encoding is enabled
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17220-17086 | — | ||
| Unresolved product id: 17632-17084 | — | ||
| Unresolved product id: 19820-17086 | — | ||
| Unresolved product id: 19693-17084 | — |
Known affected
4 products
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17086-2 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2024/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2024/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45590 body-parser vulnerable to denial of service when url encoding is enabled - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-45590.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "body-parser vulnerable to denial of service when url encoding is enabled",
"tracking": {
"current_release_date": "2026-02-18T02:30:01.000Z",
"generator": {
"date": "2026-02-18T12:16:03.028Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2024-45590",
"initial_release_date": "2024-09-01T07:00:00.000Z",
"revision_history": [
{
"date": "2024-10-15T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2024-10-16T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added reaper to CBL-Mariner 2.0\nAdded python-tensorboard to Azure Linux 3.0"
},
{
"date": "2024-10-25T00:00:00.000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added reaper to CBL-Mariner 2.0\nAdded python-tensorboard to Azure Linux 3.0"
},
{
"date": "2024-12-03T00:00:00.000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added reaper to CBL-Mariner 2.0\nAdded python-tensorboard to Azure Linux 3.0"
},
{
"date": "2026-02-18T02:30:01.000Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Information published."
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 reaper 3.1.1-13",
"product": {
"name": "\u003ccbl2 reaper 3.1.1-13",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "cbl2 reaper 3.1.1-13",
"product": {
"name": "cbl2 reaper 3.1.1-13",
"product_id": "17220"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 reaper 3.1.1-18",
"product": {
"name": "\u003ccbl2 reaper 3.1.1-18",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 reaper 3.1.1-18",
"product": {
"name": "cbl2 reaper 3.1.1-18",
"product_id": "19820"
}
}
],
"category": "product_name",
"name": "reaper"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 python-tensorboard 2.16.2-5",
"product": {
"name": "\u003cazl3 python-tensorboard 2.16.2-5",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "azl3 python-tensorboard 2.16.2-5",
"product": {
"name": "azl3 python-tensorboard 2.16.2-5",
"product_id": "17632"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 python-tensorboard 2.16.2-6",
"product": {
"name": "\u003cazl3 python-tensorboard 2.16.2-6",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "azl3 python-tensorboard 2.16.2-6",
"product_id": "19693"
}
}
],
"category": "product_name",
"name": "python-tensorboard"
},
{
"category": "product_name",
"name": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "cbl2 python-tensorboard 2.11.0-3",
"product_id": "2"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 reaper 3.1.1-13 as a component of CBL Mariner 2.0",
"product_id": "17086-5"
},
"product_reference": "5",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 reaper 3.1.1-13 as a component of CBL Mariner 2.0",
"product_id": "17220-17086"
},
"product_reference": "17220",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-tensorboard 2.16.2-5 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 2.16.2-5 as a component of Azure Linux 3.0",
"product_id": "17632-17084"
},
"product_reference": "17632",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 reaper 3.1.1-18 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 reaper 3.1.1-18 as a component of CBL Mariner 2.0",
"product_id": "19820-17086"
},
"product_reference": "19820",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 python-tensorboard 2.11.0-3 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 python-tensorboard 2.16.2-6 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 2.16.2-6 as a component of Azure Linux 3.0",
"product_id": "19693-17084"
},
"product_reference": "19693",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45590",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17086-2"
]
}
],
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"17220-17086",
"17632-17084",
"19820-17086",
"19693-17084"
],
"known_affected": [
"17086-5",
"17084-4",
"17086-1",
"17084-3"
],
"known_not_affected": [
"17086-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45590 body-parser vulnerable to denial of service when url encoding is enabled - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-45590.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-15T00:00:00.000Z",
"details": "3.1.1-13:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-5",
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2024-10-15T00:00:00.000Z",
"details": "2.16.2-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-4",
"17084-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"17086-5",
"17084-4",
"17086-1",
"17084-3"
]
}
],
"title": "body-parser vulnerable to denial of service when url encoding is enabled"
}
]
}
RHBA-2024:11265
Vulnerability from csaf_redhat - Published: 2024-12-17 15:12 - Updated: 2026-06-02 15:18Summary
Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.4.0 release.
Severity
Important
Notes
Topic: Red Hat Developer Hub 1.4 has been released.
Details: Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.
4.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64 | — |
Threats
Impact
Low
A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the backstage/plugin-catalog-backend package. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A directory traversal vulnerability was found in the backstage/plugin-techdocs-backend package. When using the AWS S3 or GCS storage provider for TechDocs, it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the backstage/plugin-techdocs-backend package. An attacker with control of the contents of the TechDocs storage buckets may be able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link.
5.4 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64 | — |
Threats
Impact
Moderate
A flaw was found in the backstage/plugin-app-backend package. Configurations supplied through APP_CONFIG_* environment variables unexpectedly ignore the visibility defined in the configuration schema, potentially exposing sensitive configuration details intended to remain private or restricted to backend processes.
5.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64 | — |
Workaround
|
Threats
Impact
Moderate
References
63 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.4 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2024:11265",
"url": "https://access.redhat.com/errata/RHBA-2024:11265"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-21536",
"url": "https://access.redhat.com/security/cve/CVE-2024-21536"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-21538",
"url": "https://access.redhat.com/security/cve/CVE-2024-21538"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45296",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45590",
"url": "https://access.redhat.com/security/cve/CVE-2024-45590"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45815",
"url": "https://access.redhat.com/security/cve/CVE-2024-45815"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45816",
"url": "https://access.redhat.com/security/cve/CVE-2024-45816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-46976",
"url": "https://access.redhat.com/security/cve/CVE-2024-46976"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-47762",
"url": "https://access.redhat.com/security/cve/CVE-2024-47762"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhba-2024_11265.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.4.0 release.",
"tracking": {
"current_release_date": "2026-06-02T15:18:58+00:00",
"generator": {
"date": "2026-06-02T15:18:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHBA-2024:11265",
"initial_release_date": "2024-12-17T15:12:17+00:00",
"revision_history": [
{
"date": "2024-12-17T15:12:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-02-12T21:34:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:18:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub (RHDH) 1.4",
"product": {
"name": "Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub (RHDH)"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.4-1734106454"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.4-1734106469"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3A2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.4-1734113472"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"relates_to_product_reference": "Red Hat Developer Hub (RHDH) 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"relates_to_product_reference": "Red Hat Developer Hub (RHDH) 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64",
"relates_to_product_reference": "Red Hat Developer Hub (RHDH) 1.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21536",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-10-19T06:00:36.846953+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2319884"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-proxy-middleware: Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21536"
},
{
"category": "external",
"summary": "RHBZ#2319884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536"
},
{
"category": "external",
"summary": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a",
"url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906",
"url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"
}
],
"release_date": "2024-10-19T05:00:04.056000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T15:12:17+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:11265"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have any mitigation recommendations at this time.",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-proxy-middleware: Denial of Service"
},
{
"cve": "CVE-2024-21538",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-11-08T13:44:29.182678+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2324550"
}
],
"notes": [
{
"category": "description",
"text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cross-spawn: regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21538"
},
{
"category": "external",
"summary": "RHBZ#2324550",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324550"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff",
"url": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f",
"url": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/pull/160",
"url": "https://github.com/moxystudio/node-cross-spawn/pull/160"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230",
"url": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230"
}
],
"release_date": "2024-11-08T05:00:04.695000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T15:12:17+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:11265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cross-spawn: regular expression denial of service"
},
{
"cve": "CVE-2024-45296",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-09T19:20:18.127723+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310908"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: Backtracking regular expressions cause ReDoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "RHBZ#2310908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
"url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
"url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
}
],
"release_date": "2024-09-09T19:15:13.330000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T15:12:17+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:11265"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: Backtracking regular expressions cause ReDoS"
},
{
"cve": "CVE-2024-45590",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2024-09-10T16:20:29.292154+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "body-parser: Denial of Service Vulnerability in body-parser",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45590"
},
{
"category": "external",
"summary": "RHBZ#2311171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
"url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
"url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
}
],
"release_date": "2024-09-10T16:15:21.083000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T15:12:17+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:11265"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "body-parser: Denial of Service Vulnerability in body-parser"
},
{
"cve": "CVE-2024-45815",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2024-09-17T21:20:06.780788+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312952"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the backstage/plugin-catalog-backend package. A malicious actor with authenticated access to a Backstage instance with the catalog backend plugin installed is able to interrupt the service using a specially crafted query to the catalog API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin-catalog-backend: prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45815"
},
{
"category": "external",
"summary": "RHBZ#2312952",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312952"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45815",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45815"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45815",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45815"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/security/advisories/GHSA-3x3f-jcp3-g22j",
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-3x3f-jcp3-g22j"
}
],
"release_date": "2024-09-17T21:15:12.320000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T15:12:17+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:11265"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin-catalog-backend: prototype pollution vulnerability"
},
{
"cve": "CVE-2024-45816",
"cwe": {
"id": "CWE-23",
"name": "Relative Path Traversal"
},
"discovery_date": "2024-09-17T21:20:09.051855+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312953"
}
],
"notes": [
{
"category": "description",
"text": "A directory traversal vulnerability was found in the backstage/plugin-techdocs-backend package. When using the AWS S3 or GCS storage provider for TechDocs, it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin-techdocs-backend: storage bucket directory traversal in TechDocs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45816"
},
{
"category": "external",
"summary": "RHBZ#2312953",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312953"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45816"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/security/advisories/GHSA-39v3-f278-vj3g",
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-39v3-f278-vj3g"
}
],
"release_date": "2024-09-17T21:15:12.553000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T15:12:17+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:11265"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin-techdocs-backend: storage bucket directory traversal in TechDocs"
},
{
"cve": "CVE-2024-46976",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"discovery_date": "2024-09-17T21:20:11.815685+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312954"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the backstage/plugin-techdocs-backend package. An attacker with control of the contents of the TechDocs storage buckets may be able to inject executable scripts in the TechDocs content that will be executed in the victim\u0027s browser when browsing documentation or navigating to an attacker provided link.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "plugin-techdocs-backend: circumvention of XSS protection in TechDocs",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-46976"
},
{
"category": "external",
"summary": "RHBZ#2312954",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312954"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-46976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46976"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-46976",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46976"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/security/advisories/GHSA-5j94-f3mf-8685",
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-5j94-f3mf-8685"
}
],
"release_date": "2024-09-17T21:15:12.763000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T15:12:17+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:11265"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "plugin-techdocs-backend: circumvention of XSS protection in TechDocs"
},
{
"cve": "CVE-2024-47762",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2024-10-03T18:01:14.495619+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the backstage/plugin-app-backend package. Configurations supplied through APP_CONFIG_* environment variables unexpectedly ignore the visibility defined in the configuration schema, potentially exposing sensitive configuration details intended to remain private or restricted to backend processes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "backstage/plugin-app-backend: Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47762"
},
{
"category": "external",
"summary": "RHBZ#2316342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47762"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47762",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47762"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/commit/323e6129073c5cb4cc106a1239eaec31a129554f",
"url": "https://github.com/backstage/backstage/commit/323e6129073c5cb4cc106a1239eaec31a129554f"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/security/advisories/GHSA-qc4v-xq2m-65wc",
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-qc4v-xq2m-65wc"
}
],
"release_date": "2024-10-03T17:14:34.529000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-17T15:12:17+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:11265"
},
{
"category": "workaround",
"details": "Avoid supplying secrets using the APP_CONFIG_* configuration pattern. Consider alternative methods such as the environment variable substitution.\n\nSee this link for more information about environment variable substitution: https://backstage.io/docs/conf/writing/#environment-variable-substitution",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:2981d2470951ea1e26eb968aefc39ab48ab7d9634a520cf2bbd8c5fef313db15_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:448fba0f5f87dc6508b96503fbb794b5b67ed4dea3c95f42d5accdfe1c77e721_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "backstage/plugin-app-backend: Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend"
}
]
}
RHBA-2024:9054
Vulnerability from csaf_redhat - Published: 2024-11-11 01:39 - Updated: 2026-06-02 15:21Summary
Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.3.1 bugfix release
Severity
Important
Notes
Topic: Red Hat Developer Hub 1.3.1 has been released.
Details: Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed,
customizable developer portal based on Backstage.io. RHDH is supported on
OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features
of RHDH include a single pane of glass, a centralized software catalog,
self-service via golden path templates, and Tech Docs. RHDH is extensible by
plugins.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Node.js WebSocket library (ws). A request with several headers exceeding the 'server.maxHeadersCount' threshold could be used to crash a ws server, leading to a denial of service.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64 | — |
Workaround
|
|
| Unresolved product id: 9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64 | — |
Workaround
|
Threats
Impact
Important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.3.1 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed,\ncustomizable developer portal based on Backstage.io. RHDH is supported on\nOpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features\nof RHDH include a single pane of glass, a centralized software catalog,\nself-service via golden path templates, and Tech Docs. RHDH is extensible by\nplugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2024:9054",
"url": "https://access.redhat.com/errata/RHBA-2024:9054"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.3",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.3"
},
{
"category": "external",
"summary": "RHIDP-4343",
"url": "https://issues.redhat.com/browse/RHIDP-4343"
},
{
"category": "external",
"summary": "RHIDP-4344",
"url": "https://issues.redhat.com/browse/RHIDP-4344"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhba-2024_9054.json"
}
],
"title": "Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.3.1 bugfix release",
"tracking": {
"current_release_date": "2026-06-02T15:21:01+00:00",
"generator": {
"date": "2026-06-02T15:21:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHBA-2024:9054",
"initial_release_date": "2024-11-11T01:39:34+00:00",
"revision_history": [
{
"date": "2024-11-11T01:39:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-11T01:39:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:21:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.3 for RHEL 9",
"product": {
"name": "Red Hat Developer Hub 1.3 for RHEL 9",
"product_id": "9Base-RHDH-1.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"product": {
"name": "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"product_id": "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-hub-rhel9\u0026tag=1.3-124"
}
}
},
{
"category": "product_version",
"name": "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"product": {
"name": "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"product_id": "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-operator-bundle\u0026tag=1.3-118"
}
}
},
{
"category": "product_version",
"name": "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64",
"product": {
"name": "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64",
"product_id": "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-rhel9-operator\u0026tag=1.3-119"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64 as a component of Red Hat Developer Hub 1.3 for RHEL 9",
"product_id": "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64"
},
"product_reference": "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"relates_to_product_reference": "9Base-RHDH-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64 as a component of Red Hat Developer Hub 1.3 for RHEL 9",
"product_id": "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64"
},
"product_reference": "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"relates_to_product_reference": "9Base-RHDH-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64 as a component of Red Hat Developer Hub 1.3 for RHEL 9",
"product_id": "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
},
"product_reference": "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64",
"relates_to_product_reference": "9Base-RHDH-1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21536",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-10-19T06:00:36.846953+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2319884"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "http-proxy-middleware: Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64"
],
"known_not_affected": [
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21536"
},
{
"category": "external",
"summary": "RHBZ#2319884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21536"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21536"
},
{
"category": "external",
"summary": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a",
"url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"
},
{
"category": "external",
"summary": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22",
"url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906",
"url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"
}
],
"release_date": "2024-10-19T05:00:04.056000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-11T01:39:34+00:00",
"details": "To install the Red Hat Developer Hub 1.3, follow the instructions linked from the References section.",
"product_ids": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:9054"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have any mitigation recommendations at this time.",
"product_ids": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "http-proxy-middleware: Denial of Service"
},
{
"cve": "CVE-2024-37890",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-06-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2292777"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js WebSocket library (ws). A request with several headers exceeding the \u0027server.maxHeadersCount\u0027 threshold could be used to crash a ws server, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-ws: denial of service when handling a request with many HTTP headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64"
],
"known_not_affected": [
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-37890"
},
{
"category": "external",
"summary": "RHBZ#2292777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-37890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37890"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q"
}
],
"release_date": "2024-06-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-11T01:39:34+00:00",
"details": "To install the Red Hat Developer Hub 1.3, follow the instructions linked from the References section.",
"product_ids": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:9054"
},
{
"category": "workaround",
"details": "The issue can be mitigated by reducing the maximum allowed length of the request headers using the --max-http-header-size=size or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. The issue can be mitigated also by seting server.maxHeadersCount to 0.",
"product_ids": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-ws: denial of service when handling a request with many HTTP headers"
},
{
"cve": "CVE-2024-45590",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2024-09-10T16:20:29.292154+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "body-parser: Denial of Service Vulnerability in body-parser",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64"
],
"known_not_affected": [
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45590"
},
{
"category": "external",
"summary": "RHBZ#2311171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
"url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
"url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
}
],
"release_date": "2024-09-10T16:15:21.083000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-11T01:39:34+00:00",
"details": "To install the Red Hat Developer Hub 1.3, follow the instructions linked from the References section.",
"product_ids": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2024:9054"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64",
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "body-parser: Denial of Service Vulnerability in body-parser"
}
]
}
RHSA-2024:10186
Vulnerability from csaf_redhat - Published: 2024-11-22 01:06 - Updated: 2026-06-04 00:10Summary
Red Hat Security Advisory: ACS 4.5 enhancement update
Severity
Important
Notes
Topic: Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes a bug fix and security fixes.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: This release of RHACS 4.5.5 introduces the following changes:
Bug fix:
* Fixed an issue with redirects in curl commands leading to empty files and errors in scanning. (ROX-26929)
* Scanner V4 now reindexes image upon indexer updates. (ROX-23956)
Security fixes:
* encoding/gob: golang: Calling Decoder.Decode on a message which contains
deeply nested structures can cause a panic due to stack exhaustion
(CVE-2024-34156)
* body-parser: Denial of Service Vulnerability in body-parser (CVE-2024-45590)
* dompurify: DOMPurify vulnerable to tampering by prototype pollution
(CVE-2024-48910)
* golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789)
* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6
addresses (CVE-2024-24790)
* cross-spawn: Regular expression denial of service (CVE-2024-21538)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in the
References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.
4.4 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x | — |
Vendor Fix
fix
|
Known not affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64 | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64 | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64 | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64 | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64 | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64 | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64 | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64 | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64 | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64 | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64 | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64 | — |
Threats
Impact
Low
A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.
5.5 (Medium)
Affected products
Fixed
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64 | — |
Vendor Fix
fix
|
Known not affected
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64 | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64 | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64 | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64 | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64 | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64 | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64 | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le | — | ||
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x | — |
Threats
Impact
Moderate
A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.
6.7 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64 | — |
Workaround
|
Threats
Impact
Important
A prototype pollution vulnerability was found in DOMPurify. This flaw allows a remote attacker to add or modify attributes of an object prototype. This issue can lead to the injection of malicious attributes used in other components or cause a crash by overriding existing attributes with ones of incompatible type.
8.2 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64 | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le | — |
Workaround
|
|
| Unresolved product id: 8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64 | — |
Workaround
|
Threats
Impact
Important
References
45 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes a bug fix and security fixes.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of RHACS 4.5.5 introduces the following changes:\n\nBug fix:\n\n* Fixed an issue with redirects in curl commands leading to empty files and errors in scanning. (ROX-26929)\n\n* Scanner V4 now reindexes image upon indexer updates. (ROX-23956)\n\nSecurity fixes:\n\n* encoding/gob: golang: Calling Decoder.Decode on a message which contains\ndeeply nested structures can cause a panic due to stack exhaustion\n(CVE-2024-34156)\n\n* body-parser: Denial of Service Vulnerability in body-parser (CVE-2024-45590)\n\n* dompurify: DOMPurify vulnerable to tampering by prototype pollution\n(CVE-2024-48910)\n\n* golang: archive/zip: Incorrect handling of certain ZIP files (CVE-2024-24789)\n\n* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6\naddresses (CVE-2024-24790)\n\n* cross-spawn: Regular expression denial of service (CVE-2024-21538)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in the\nReferences section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:10186",
"url": "https://access.redhat.com/errata/RHSA-2024:10186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2292668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292668"
},
{
"category": "external",
"summary": "2292787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292787"
},
{
"category": "external",
"summary": "2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "2311171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171"
},
{
"category": "external",
"summary": "2322949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322949"
},
{
"category": "external",
"summary": "2324550",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324550"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10186.json"
}
],
"title": "Red Hat Security Advisory: ACS 4.5 enhancement update",
"tracking": {
"current_release_date": "2026-06-04T00:10:03+00:00",
"generator": {
"date": "2026-06-04T00:10:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2024:10186",
"initial_release_date": "2024-11-22T01:06:56+00:00",
"revision_history": [
{
"date": "2024-11-22T01:06:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-11-22T01:06:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-04T00:10:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHACS 4.5 for RHEL 8",
"product": {
"name": "RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.5.5-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.5.5-4"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.5.5-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.5.5-4"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"product_id": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"product_id": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-collector-slim-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x",
"product_id": "advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8\u0026tag=4.5.5-3"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"product_id": "advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"product_id": "advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"product_id": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8\u0026tag=4.5.5-4"
}
}
},
{
"category": "product_version",
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"product": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"product_id": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8\u0026tag=4.5.5-4"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64 as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64 as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64 as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64 as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64 as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64 as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64 as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64 as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64 as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64 as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64 as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64 as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"relates_to_product_reference": "8Base-RHACS-4.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64 as a component of RHACS 4.5 for RHEL 8",
"product_id": "8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
},
"product_reference": "advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64",
"relates_to_product_reference": "8Base-RHACS-4.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21538",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-11-08T13:44:29.182678+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2324550"
}
],
"notes": [
{
"category": "description",
"text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cross-spawn: regular expression denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x"
],
"known_not_affected": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21538"
},
{
"category": "external",
"summary": "RHBZ#2324550",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324550"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff",
"url": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f",
"url": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f"
},
{
"category": "external",
"summary": "https://github.com/moxystudio/node-cross-spawn/pull/160",
"url": "https://github.com/moxystudio/node-cross-spawn/pull/160"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230",
"url": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230"
}
],
"release_date": "2024-11-08T05:00:04.695000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-22T01:06:56+00:00",
"details": "If you are using an earlier version of RHACS 4.5, you are advised to upgrade to this patch release 4.5.5.",
"product_ids": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10186"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "cross-spawn: regular expression denial of service"
},
{
"cve": "CVE-2024-24789",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-06-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2292668"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Incorrect handling of certain ZIP files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
],
"known_not_affected": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24789"
},
{
"category": "external",
"summary": "RHBZ#2292668",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292668"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24789",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24789"
}
],
"release_date": "2024-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-22T01:06:56+00:00",
"details": "If you are using an earlier version of RHACS 4.5, you are advised to upgrade to this patch release 4.5.5.",
"product_ids": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10186"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Incorrect handling of certain ZIP files"
},
{
"cve": "CVE-2024-24790",
"cwe": {
"id": "CWE-115",
"name": "Misinterpretation of Input"
},
"discovery_date": "2024-06-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2292787"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn\u0027t behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE has been marked as moderate as for our products a network-based attack vector is simply impossible when it comes to golang code,apart from that as per CVE flaw analysis reported by golang, this only affects integrity and confidentiality and has no effect on availability, hence CVSS has been marked as such.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x"
],
"known_not_affected": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24790"
},
{
"category": "external",
"summary": "RHBZ#2292787",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292787"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24790"
}
],
"release_date": "2024-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-22T01:06:56+00:00",
"details": "If you are using an earlier version of RHACS 4.5, you are advised to upgrade to this patch release 4.5.5.",
"product_ids": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10186"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses"
},
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x"
],
"known_not_affected": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-22T01:06:56+00:00",
"details": "If you are using an earlier version of RHACS 4.5, you are advised to upgrade to this patch release 4.5.5.",
"product_ids": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10186"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-45590",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2024-09-10T16:20:29.292154+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "body-parser: Denial of Service Vulnerability in body-parser",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x"
],
"known_not_affected": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45590"
},
{
"category": "external",
"summary": "RHBZ#2311171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
"url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
"url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
}
],
"release_date": "2024-09-10T16:15:21.083000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-22T01:06:56+00:00",
"details": "If you are using an earlier version of RHACS 4.5, you are advised to upgrade to this patch release 4.5.5.",
"product_ids": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10186"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "body-parser: Denial of Service Vulnerability in body-parser"
},
{
"cve": "CVE-2024-48910",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2024-10-31T15:00:53.609372+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2322949"
}
],
"notes": [
{
"category": "description",
"text": "A prototype pollution vulnerability was found in DOMPurify. This flaw allows a remote attacker to add or modify attributes of an object prototype. This issue can lead to the injection of malicious attributes used in other components or cause a crash by overriding existing attributes with ones of incompatible type.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dompurify: DOMPurify vulnerable to tampering by prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The prototype pollution vulnerability in DOMPurify is considered a high-severity issue because it allows attackers to modify the prototype of built-in JavaScript objects, potentially impacting the entire application. This could lead to security risks, such as overwriting methods on fundamental objects like `Object`, `Array`, or `Function`, allowing attackers to manipulate application behavior, bypass security controls, or cause application crashes. Given that DOMPurify is a core library for sanitizing user input, an attacker exploiting this vulnerability could gain control over how sanitized content is processed, leading to the execution of malicious scripts or triggering other unintended behaviors across the application.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x"
],
"known_not_affected": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-48910"
},
{
"category": "external",
"summary": "RHBZ#2322949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-48910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-48910",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48910"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc",
"url": "https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr",
"url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr"
}
],
"release_date": "2024-10-31T14:22:52.867000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-22T01:06:56+00:00",
"details": "If you are using an earlier version of RHACS 4.5, you are advised to upgrade to this patch release 4.5.5.",
"product_ids": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10186"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:79fc46d20cd3787ee5129832c5241ce33484fd64ce00dd8f3873f497c355a3f5_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:9ecbf4c82ae5adbe31e667a90d8f2373b241b0d9262d23a1d1194b79307cd750_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-central-db-rhel8@sha256:a7bc7b1b31cdce51d2b5edd96290401eea9df86098bcad167947934e7ba624a1_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:2734e59b4f5115595fb286a8e63ddfa735d918e2d40b9a76702704e21fbe0581_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:6347c6cdd000ec7f9f76f171313de70bd210b26ef2b575306ef7c9dd6f1dd614_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-rhel8@sha256:b7d78346ed114c2259a4318df15fdf825226f1a67c55f6cfb2497616fbd3c667_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:22ebd5953ed18868b378c0aaf3f15184b275ba160c371e831192787dde892b89_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:519f9cbede8adc5e659c01c48a9e73d4c71045b95ebba68a079712305525306c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:d605988258e3c3dba21c3acaec5fff23863d55d42fbd70ee0cf32d3914e83cad_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:18074a936a8e98219d23a1396deaf43329cad464da8830ab739af32f1f339de9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:2a2042c482bc973f5c7f3d0b2269c26fef9091919d615e6204f437af71fc97d2_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-main-rhel8@sha256:e5c6287683f1a41971bd3b0eb43281eea17e7dce287ea4298e08b062ee7cbe2a_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a846783fa12efc4f8f9fb71c6a07b0a0e3d35833f00a437c0e574300f5c0eb44_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:a9d8e784d1518403036a2bdf69ae87d1dada4581c6b233764c4e6ab97ad155ca_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-operator-bundle@sha256:b262749b36483ac23f7e9311a410b4e1bfb3455074e189d2cd4e88570c953803_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:23fe140d4053fccc34d5a45424272a6e8541c2c1c555310fba8c0b72d631ae8e_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:3f623ea920f59e62daca5a72e3989fbb661d15dadcc260ad8c337f95d3ba0fe9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-rhel8-operator@sha256:defdc09b5b0c215612f77e03cacaf51af89dbc12cde45b794a98ee59f903b1cf_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:1b8ccd467895c572aaf16679912f94b098349b8cd02094aedcd4d15e8160d496_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:64f27e29c5669628d29ffd3c1a1afeb3998537396591edb4427cab467fe992a0_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-roxctl-rhel8@sha256:f3567a4e068a1d57a8a662fb3bd991f43e01a1b7591667ef9abea9d3af67e0ca_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:4a69203931016c786835d129e57ef914d848fbe64f656b368cde952f56ee61dd_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:74515973a5ba749782d896b03ee18924e0ab4072ccd15c79b6055717cbdcfbc7_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:9649c0c7c428e08d4dcbe00ebc0f3335d9fb260a9ec652e2d51d787896648097_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:569e117b6bb2b70e98b72fcba7e3e0a2beeb208dbe262bc0f6a90c6564c26003_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:c81b3cb945aebcaf5e8311d45ca2b9e8680d27ac350dcad3cb9f9472af80a0fa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:f770fe7f346d3815325020fcfc4d79988eee85970cd2efa5666ffa024cfa2dcf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:2873555154a7e86d0d50ab04530f7dac31db601368e42da693306c493ac75836_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:650c3b298aa0a161a5005725e97b1ea9d73bea90ded7a917be241f8f6fce7ef3_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-rhel8@sha256:67b04d8f3ee93c00399d90fce995c61bdec2d8ad8f5429f51b6a3fcaf5d837ff_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:1ea83a89d29664ada45cec629c40969ff84086f9a9550e5d347615a946bf1f5c_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:886e59b45539b1a754f13ab65c000923ddf4dd47cc4b3f1a5508e70ba2fdeeaa_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:cef5d878b1598b58db0d0f3f4bd4be7f3616ab5e586b3cec33dd8b855a3b699d_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:7aa40436ac01560d67b9898094918760f71d61ed274bb07892cd4dd76c789993_amd64",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:9debaa9e0953cb60e9d7e189d5feda503d87208dc107acf5430840cfc93df0de_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:defdb3ac5f37c7c98762ecf061577b5a41a2fa547318445d23981d4eacf3c5ba_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:40f42baadbbba89fabb1e368082218b6a489cf50379428ac178bfa8f0637becf_s390x",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:d4a3278bb2f1ec87b3075522ce9e655c6c325d2e00dc630d2bf2958021315ff9_ppc64le",
"8Base-RHACS-4.5:advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:f47593313f447d4d7d3b0921056b877000da7f43efafd4f009d73714c723ebe5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dompurify: DOMPurify vulnerable to tampering by prototype pollution"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…