Vulnerability-Lookup

RHSA-2023:3918

Vulnerability from csaf_redhat - Published: 2023-06-29 00:59 - Updated: 2026-05-29 20:32

Summary

Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.5 security and bug fix update

Severity

Important

Notes

Topic: OpenShift API for Data Protection (OADP) 1.1.5 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Security Fix(es): * golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) * net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723) * golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534) * golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536) * golang: go/parser: Infinite loop in parsing (CVE-2023-24537) * golang: html/template: backticks not treated as string delimiters (CVE-2023-24538) * golang: html/template: improper sanitization of CSS values (CVE-2023-24539) * golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2022-41723

A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64	—	Vendor Fix fix

Known not affected 30 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le		—

Threats

Impact Moderate

CVE-2023-24534

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x	—	Vendor Fix fix

Known not affected 33 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le		—

Threats

Impact Moderate

CVE-2023-24536

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x	—	Vendor Fix fix Workaround

Known not affected 33 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le	—	Workaround

Threats

Impact Moderate

CVE-2023-24537

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x	—	Vendor Fix fix Workaround

Known not affected 33 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le	—	Workaround

Threats

Impact Moderate

CVE-2023-24538

A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x	—	Vendor Fix fix Workaround

Known not affected 33 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le	—	Workaround

Threats

Impact Moderate

CVE-2023-24539

A flaw was found in golang where angle brackets (<>) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-176 - Improper Handling of Unicode Encoding

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x	—	Vendor Fix fix Workaround

Known not affected 33 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le	—	Workaround

Threats

Impact Moderate

CVE-2023-24540

A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-176 - Improper Handling of Unicode Encoding

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x	—	Vendor Fix fix Workaround

Known not affected 33 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le	—	Workaround

Threats

Impact Important

CVE-2023-29400

A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr={{.}}") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-176 - Improper Handling of Unicode Encoding

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x	—	Vendor Fix fix Workaround

Known not affected 33 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le	—	Workaround

Threats

Impact Moderate

References

59 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:3918	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2178358	external
https://bugzilla.redhat.com/show_bug.cgi?id=2184481	external
https://bugzilla.redhat.com/show_bug.cgi?id=2184482	external
https://bugzilla.redhat.com/show_bug.cgi?id=2184483	external
https://bugzilla.redhat.com/show_bug.cgi?id=2184484	external
https://bugzilla.redhat.com/show_bug.cgi?id=2196026	external
https://bugzilla.redhat.com/show_bug.cgi?id=2196027	external
https://bugzilla.redhat.com/show_bug.cgi?id=2196029	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2022-41723	self
https://bugzilla.redhat.com/show_bug.cgi?id=2178358	external
https://www.cve.org/CVERecord?id=CVE-2022-41723	external
https://nvd.nist.gov/vuln/detail/CVE-2022-41723	external
https://github.com/advisories/GHSA-vvpx-j8f3-3w6h	external
https://go.dev/cl/468135	external
https://go.dev/cl/468295	external
https://go.dev/issue/57855	external
https://groups.google.com/g/golang-announce/c/V0a…	external
https://pkg.go.dev/vuln/GO-2023-1571	external
https://vuln.go.dev/ID/GO-2023-1571.json	external
https://access.redhat.com/security/cve/CVE-2023-24534	self
https://bugzilla.redhat.com/show_bug.cgi?id=2184483	external
https://www.cve.org/CVERecord?id=CVE-2023-24534	external
https://nvd.nist.gov/vuln/detail/CVE-2023-24534	external
https://go.dev/issue/58975	external
https://groups.google.com/g/golang-announce/c/Xdv…	external
https://access.redhat.com/security/cve/CVE-2023-24536	self
https://bugzilla.redhat.com/show_bug.cgi?id=2184482	external
https://www.cve.org/CVERecord?id=CVE-2023-24536	external
https://nvd.nist.gov/vuln/detail/CVE-2023-24536	external
https://go.dev/issue/59153	external
https://access.redhat.com/security/cve/CVE-2023-24537	self
https://bugzilla.redhat.com/show_bug.cgi?id=2184484	external
https://www.cve.org/CVERecord?id=CVE-2023-24537	external
https://nvd.nist.gov/vuln/detail/CVE-2023-24537	external
https://github.com/golang/go/issues/59180	external
https://access.redhat.com/security/cve/CVE-2023-24538	self
https://bugzilla.redhat.com/show_bug.cgi?id=2184481	external
https://www.cve.org/CVERecord?id=CVE-2023-24538	external
https://nvd.nist.gov/vuln/detail/CVE-2023-24538	external
https://github.com/golang/go/issues/59234	external
https://access.redhat.com/security/cve/CVE-2023-24539	self
https://bugzilla.redhat.com/show_bug.cgi?id=2196026	external
https://www.cve.org/CVERecord?id=CVE-2023-24539	external
https://nvd.nist.gov/vuln/detail/CVE-2023-24539	external
https://github.com/golang/go/issues/59720	external
https://groups.google.com/g/golang-announce/c/MEb…	external
https://access.redhat.com/security/cve/CVE-2023-24540	self
https://bugzilla.redhat.com/show_bug.cgi?id=2196027	external
https://www.cve.org/CVERecord?id=CVE-2023-24540	external
https://nvd.nist.gov/vuln/detail/CVE-2023-24540	external
https://go.dev/issue/59721	external
https://access.redhat.com/security/cve/CVE-2023-29400	self
https://bugzilla.redhat.com/show_bug.cgi?id=2196029	external
https://www.cve.org/CVERecord?id=CVE-2023-29400	external
https://nvd.nist.gov/vuln/detail/CVE-2023-29400	external
https://go.dev/issue/59722	external

Acknowledgments

Catena Cyber Philippe Antoine

Mattermost Juho Nurminen

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "OpenShift API for Data Protection (OADP) 1.1.5 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.\n\nSecurity Fix(es):\n\n* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)\n\n* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)\n\n* golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)\n\n* golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536)\n\n* golang: go/parser: Infinite loop in parsing (CVE-2023-24537)\n\n* golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)\n\n* golang: html/template: improper sanitization of CSS values (CVE-2023-24539)\n\n* golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:3918",
        "url": "https://access.redhat.com/errata/RHSA-2023:3918"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2178358",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178358"
      },
      {
        "category": "external",
        "summary": "2184481",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184481"
      },
      {
        "category": "external",
        "summary": "2184482",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184482"
      },
      {
        "category": "external",
        "summary": "2184483",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184483"
      },
      {
        "category": "external",
        "summary": "2184484",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184484"
      },
      {
        "category": "external",
        "summary": "2196026",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196026"
      },
      {
        "category": "external",
        "summary": "2196027",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196027"
      },
      {
        "category": "external",
        "summary": "2196029",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196029"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3918.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.5 security and bug fix update",
    "tracking": {
      "current_release_date": "2026-05-29T20:32:22+00:00",
      "generator": {
        "date": "2026-05-29T20:32:22+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2023:3918",
      "initial_release_date": "2023-06-29T00:59:02+00:00",
      "revision_history": [
        {
          "date": "2023-06-29T00:59:02+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-06-29T00:59:02+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-29T20:32:22+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-OADP-1.1",
                "product": {
                  "name": "8Base-OADP-1.1",
                  "product_id": "8Base-OADP-1.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.1::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "OpenShift API for Data Protection"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
                "product": {
                  "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
                  "product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
                "product": {
                  "name": "oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
                  "product_id": "oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.1.5-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
                "product": {
                  "name": "oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
                  "product_id": "oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
                "product": {
                  "name": "oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
                  "product_id": "oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
                "product": {
                  "name": "oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
                  "product_id": "oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
                  "product_id": "oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
                "product": {
                  "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
                  "product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
                "product": {
                  "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
                  "product_id": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-volume-snapshot-mover-rhel8\u0026tag=1.1.5-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
                "product": {
                  "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
                  "product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
                "product": {
                  "name": "oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
                  "product_id": "oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.1.5-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
                "product": {
                  "name": "oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
                  "product_id": "oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
                "product": {
                  "name": "oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
                  "product_id": "oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
                "product": {
                  "name": "oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
                  "product_id": "oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
                  "product_id": "oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
                  "product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
                  "product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
                  "product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
                  "product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
                "product": {
                  "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
                  "product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
                "product": {
                  "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
                  "product_id": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-volume-snapshot-mover-rhel8\u0026tag=1.1.5-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
                "product": {
                  "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
                  "product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
                "product": {
                  "name": "oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
                  "product_id": "oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.1.5-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
                "product": {
                  "name": "oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
                  "product_id": "oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
                "product": {
                  "name": "oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
                  "product_id": "oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
                  "product_id": "oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
                  "product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.1.5-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le",
                "product": {
                  "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le",
                  "product_id": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-volume-snapshot-mover-rhel8\u0026tag=1.1.5-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le"
        },
        "product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x"
        },
        "product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64"
        },
        "product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64"
        },
        "product_reference": "oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le"
        },
        "product_reference": "oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x"
        },
        "product_reference": "oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64"
        },
        "product_reference": "oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le"
        },
        "product_reference": "oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x"
        },
        "product_reference": "oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le"
        },
        "product_reference": "oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64"
        },
        "product_reference": "oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x"
        },
        "product_reference": "oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x"
        },
        "product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64"
        },
        "product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64"
        },
        "product_reference": "oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x"
        },
        "product_reference": "oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x"
        },
        "product_reference": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64"
        },
        "product_reference": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
        },
        "product_reference": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Philippe Antoine"
          ],
          "organization": "Catena Cyber"
        }
      ],
      "cve": "CVE-2022-41723",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-03-14T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2178358"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within OpenShift Container Platform, the maximum impact of this vulnerability is a denial of service against an individual container so the impact could not cascade across the entire infrastructure, this vulnerability is rated Moderate impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-41723"
        },
        {
          "category": "external",
          "summary": "RHBZ#2178358",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178358"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-41723",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41723"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h",
          "url": "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/468135",
          "url": "https://go.dev/cl/468135"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/468295",
          "url": "https://go.dev/cl/468295"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/57855",
          "url": "https://go.dev/issue/57855"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E",
          "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-1571",
          "url": "https://pkg.go.dev/vuln/GO-2023-1571"
        },
        {
          "category": "external",
          "summary": "https://vuln.go.dev/ID/GO-2023-1571.json",
          "url": "https://vuln.go.dev/ID/GO-2023-1571.json"
        }
      ],
      "release_date": "2023-02-17T14:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T00:59:02+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3918"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding"
    },
    {
      "cve": "CVE-2023-24534",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-04-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2184483"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http, net/textproto: denial of service from excessive memory allocation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-24534"
        },
        {
          "category": "external",
          "summary": "RHBZ#2184483",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184483"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24534",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24534",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24534"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/58975",
          "url": "https://go.dev/issue/58975"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8",
          "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
        }
      ],
      "release_date": "2023-04-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T00:59:02+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3918"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http, net/textproto: denial of service from excessive memory allocation"
    },
    {
      "cve": "CVE-2023-24536",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-04-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2184482"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Enterprise Linux,\n\n* Conmon uses Go in unit testing, but not functionally in the package. Go is used only in test files, hence, not in the actual code, thus, conmon is not-affected.\n* The CVE refers to multipart form parsing routine mime/multipart.Reader.ReadForm, which is not used in Grafana, hence it is not-affected.\n* Butane does not parse multipart forms, hence, it is also not-affected.\nRedhat has marked this vulnerability as moderate as this vulnerability could lead to a potential denial of service when all the resource of a system is consumed which is technically not a clear case of denial of service.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-24536"
        },
        {
          "category": "external",
          "summary": "RHBZ#2184482",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184482"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24536",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24536",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24536"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/59153",
          "url": "https://go.dev/issue/59153"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8",
          "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
        }
      ],
      "release_date": "2023-04-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T00:59:02+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3918"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption"
    },
    {
      "cve": "CVE-2023-24537",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2023-04-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2184484"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: go/parser: Infinite loop in parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability has been rated Moderate because it allows denial of service condition in Go\u2019s source code parser when processing specially crafted input containing //line directives with excessively large line numbers. Exploitation can cause the parser to enter an infinite loop, consuming CPU resources and rendering services unresponsive. While this issue does not permit code execution or data access, it poses a significant availability impact for systems processing untrusted Go source input.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-24537"
        },
        {
          "category": "external",
          "summary": "RHBZ#2184484",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184484"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24537",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24537",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24537"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/go/issues/59180",
          "url": "https://github.com/golang/go/issues/59180"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8",
          "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
        }
      ],
      "release_date": "2023-04-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T00:59:02+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3918"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, upgrade Go to version 1.19.8, 1.20.3, or later, where the vulnerability has been addressed.",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: go/parser: Infinite loop in parsing"
    },
    {
      "cve": "CVE-2023-24538",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2023-04-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2184481"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: html/template: backticks not treated as string delimiters",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The described issue involving Go templates and JavaScript template literals poses a moderate severity rather than an important one due to several mitigating factors. Firstly, the vulnerability requires specific conditions to be met: the presence of Go templates within JavaScript template literals. This limits the scope of affected codebases, reducing the likelihood of exploitation. Additionally, the decision to disallow such interactions in future releases of Go indicates a proactive approach to addressing the issue. Furthermore, the affected packages or components within Red Hat Enterprise Linux, such as Conmon, Grafana, and the RHC package, have been assessed and determined not to be impacted due to their specific usage patterns. So the limited scope of affected systems and the absence of exploitation vectors in specific components within Red Hat Enterprise Linux contribute to categorizing the severity of the issue as moderate.\n\nFor Red Hat Enterprise Linux,\n\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, hence, not in the actual code, thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* The rhc package do not make use of html/template. Hence, it is also not affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-24538"
        },
        {
          "category": "external",
          "summary": "RHBZ#2184481",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184481"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24538",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24538",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24538"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/go/issues/59234",
          "url": "https://github.com/golang/go/issues/59234"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8",
          "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
        }
      ],
      "release_date": "2023-04-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T00:59:02+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3918"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: html/template: backticks not treated as string delimiters"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Juho Nurminen"
          ],
          "organization": "Mattermost"
        }
      ],
      "cve": "CVE-2023-24539",
      "cwe": {
        "id": "CWE-176",
        "name": "Improper Handling of Unicode Encoding"
      },
      "discovery_date": "2023-05-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2196026"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a \u0027/\u0027 character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: html/template: improper sanitization of CSS values",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Enterprise Linux,\n\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, not in the actual code. Thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable golang html/templates to authenticated users only, therefore, the impact is low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-24539"
        },
        {
          "category": "external",
          "summary": "RHBZ#2196026",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196026"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24539",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24539",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24539"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/go/issues/59720",
          "url": "https://github.com/golang/go/issues/59720"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
          "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
        }
      ],
      "release_date": "2023-04-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T00:59:02+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3918"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: html/template: improper sanitization of CSS values"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Juho Nurminen"
          ],
          "organization": "Mattermost"
        }
      ],
      "cve": "CVE-2023-24540",
      "cwe": {
        "id": "CWE-176",
        "name": "Improper Handling of Unicode Encoding"
      },
      "discovery_date": "2023-05-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2196027"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: html/template: improper handling of JavaScript whitespace",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Enterprise Linux,\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, hence, not in the actual code, thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable golang html/templates to authenticated users only, therefore the impact is low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-24540"
        },
        {
          "category": "external",
          "summary": "RHBZ#2196027",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196027"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24540",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/59721",
          "url": "https://go.dev/issue/59721"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
          "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
        }
      ],
      "release_date": "2023-04-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T00:59:02+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3918"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang: html/template: improper handling of JavaScript whitespace"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Juho Nurminen"
          ],
          "organization": "Mattermost"
        }
      ],
      "cve": "CVE-2023-29400",
      "cwe": {
        "id": "CWE-176",
        "name": "Improper Handling of Unicode Encoding"
      },
      "discovery_date": "2023-05-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2196029"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: html/template: improper handling of empty HTML attributes",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Enterprise Linux,\n\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, not in the actual code. Thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn OpenShift Container Platform and Red Hat Advanced Cluster Management for Kubernetes (RHACM), the affected containers are behind OAuth authentication. This restricts access to the vulnerable golang html/templates to authenticated users, reducing the impact to low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-29400"
        },
        {
          "category": "external",
          "summary": "RHBZ#2196029",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196029"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-29400",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29400",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29400"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/59722",
          "url": "https://go.dev/issue/59722"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
          "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
        }
      ],
      "release_date": "2023-04-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-29T00:59:02+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3918"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:232797593d0ea5323f913c902ac7bd25bbe1eacdb40b00deaf9bbcd9306bf4e9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:aa58ca1500ddb603bc9f39eba981584cd38682eab092ce06ec951a078a3dc0a6_s390x",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:b5ac15e683479a1524dfa55db10a8c84e362e6734f0d82d62ce724dfd76779e2_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:83d13ab990fc72c63c51a008a13fe341a555dfaec96494d25f5b7cbd5a0eafb1_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:b0215bed64f78192b9d7a8e4904efdbef9408296806d7fb6b86927b0cbd67a79_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:c0a9d5bbd97613ca2d26bd4315b55ffc6512fa429c0cdec5da77fe2fb8d254b9_s390x",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:174e673e1e9b09714ac89082c01e84bf9e77c7d52f65bbe3da156e4467ff6e07_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:91e02a2cd94a94354294e16b3a8495175907c9d07e1f7965febe1179d36c9940_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a3348b782dd897ef822bdf885db8c61e24278dde0520646e54270fec53d10f34_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:36882e2b4183bd2d0e58acb59e49004db1c2accd1f4e6cc01dfc2ca10cbbda19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:5e9ef29577268fc0bafa30e84de8f79c5141df76eefe995da2a2a201a92e5aef_amd64",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:cdcb5d1b32410973779aed6cb760c016fe2035dbcae41dde6707045bbf4e97c6_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:3e4af775f289789e0dce2ac73c07d6d5a101c77970b5f70e88a4cff6e2fbc3dd_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:60a01a5762ea173f150f6ccd6f8bfd1f1e17aed1f4865f9161d0d06e3c490ca7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:a5702782be3fdf763b47c734d107d853c2b8f3f831c45d34dd686c19e2b295ff_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:2a8a8c64cb71f52559e53b9dddaeaee97b8067a7b2f996cde2e1ca2e14f25e55_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:37002fe133ff5853c97eb41e9d5e57dfb882f2b9150dfe945f965f78fbe3b1e4_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:38e0bf9d9f589e93335d477e23fe2838ad2ef138472d66887d7343b720081c19_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:195a154a41e6a7a4176475470aa1058e7ab171cb5ffd0c998009ac022ba810b2_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:5e26431bc81545c21b1c3b87dd42e267773c4221213d478c04e0b8809559201c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:b3792c8e92add196de5d06cdd88eb8e9d02fcdb9ce15c1a9a362241018caf6db_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:04c0ba8b1660eaa87f5e22291904b6e98442056270cfb134a243943742595e30_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:1b8f8b7b03f5dc4ca2fbeec13eb4b99e5bec1f09daf7b04c982ba1324611c6f3_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:37d6701003b9e5f58795d85267d1ca1fd9687981abe784075d9c7ba5a7a036c5_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:17ae407841f29a5bbf3e72d25acc883150929ce91fc6384fc81e8d7977eecf42_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:2d58a2e20d7a0553ce843a6b43b2df1e7924d5b2cb19372a276ebde6644e8eb5_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:d695407dd931000091e7a19ea693608e99985c84bfae95a94d8d111313b8e542_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:66bee327e86ddae9b69e362e520278bd8cb6a8b7f9756c3a55faf76d02486ab1_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7e212da871132c319750a6513e9b98a836b6d670dfeeb0ca2050b0fe959bbb9e_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:a8409a1d9a281711caae8d67d155a0aac5384f2ae736c3da728dc423b849b3fe_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:43c1b134f68e4b71f3a1a35769fb573a9c496ffc5ba188b13b97a52ee2ab8479_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:b4ab733bfbf853bbac246530f1b4b0dafae2173ab93e32d1cebdd5b6c70dae29_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:e583bed08cbd7e36f0f7a66bd18c41b62d4062fdb5d43ec8e191d37ecf23be11_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:294903bf15035ffc5c4f9f4fc546079de344875068f1188ddfdd4b4e435d01bd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:660e0ac7699c6c3ef59733bd3084bf0c8667e55bef1a36b13ee057fd4025bde7_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:72636e3e55f29a227092993151fba716f91d17812cd4b493cc2308823cbfb4a8_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: html/template: improper handling of empty HTML attributes"
    }
  ]
}

CVE-2022-41723 (GCVE-0-2022-41723)

Vulnerability from cvelistv5 – Published: 2023-02-28 17:19 – Updated: 2025-05-05 16:12

Title

Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net

Summary

A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE 400: Uncontrolled Resource Consumption

Assigner

References

14 references

URL	Tags
https://go.dev/issue/57855
https://go.dev/cl/468135
https://go.dev/cl/468295
https://groups.google.com/g/golang-announce/c/V0a…
https://pkg.go.dev/vuln/GO-2023-1571
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://www.couchbase.com/alerts/
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://security.gentoo.org/glsa/202311-09

Impacted products

3 products

Vendor	Product	Version
Go standard library	net/http	Affected: 0 , < 1.19.6 (semver) Affected: 1.20.0-0 , < 1.20.1 (semver)
golang.org/x/net	golang.org/x/net/http2	Affected: 0 , < 0.7.0 (semver)
golang.org/x/net	golang.org/x/net/http2/hpack	Affected: 0 , < 0.7.0 (semver)

Credits

Philippe Antoine (Catena cyber)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:49:43.617Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20230331-0010/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/57855"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/468135"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/468295"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-1571"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.couchbase.com/alerts/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-09"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-41723",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:26:37.352634Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "NVD-CWE-Other",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:12:28.159Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/http",
          "product": "net/http",
          "programRoutines": [
            {
              "name": "Transport.RoundTrip"
            },
            {
              "name": "Server.Serve"
            },
            {
              "name": "Client.Do"
            },
            {
              "name": "Client.Get"
            },
            {
              "name": "Client.Head"
            },
            {
              "name": "Client.Post"
            },
            {
              "name": "Client.PostForm"
            },
            {
              "name": "Get"
            },
            {
              "name": "Head"
            },
            {
              "name": "ListenAndServe"
            },
            {
              "name": "ListenAndServeTLS"
            },
            {
              "name": "Post"
            },
            {
              "name": "PostForm"
            },
            {
              "name": "Serve"
            },
            {
              "name": "ServeTLS"
            },
            {
              "name": "Server.ListenAndServe"
            },
            {
              "name": "Server.ListenAndServeTLS"
            },
            {
              "name": "Server.ServeTLS"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.19.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.1",
              "status": "affected",
              "version": "1.20.0-0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/http2",
          "product": "golang.org/x/net/http2",
          "programRoutines": [
            {
              "name": "Transport.RoundTrip"
            },
            {
              "name": "Server.ServeConn"
            },
            {
              "name": "ClientConn.Close"
            },
            {
              "name": "ClientConn.Ping"
            },
            {
              "name": "ClientConn.RoundTrip"
            },
            {
              "name": "ClientConn.Shutdown"
            },
            {
              "name": "ConfigureServer"
            },
            {
              "name": "ConfigureTransport"
            },
            {
              "name": "ConfigureTransports"
            },
            {
              "name": "ConnectionError.Error"
            },
            {
              "name": "ErrCode.String"
            },
            {
              "name": "FrameHeader.String"
            },
            {
              "name": "FrameType.String"
            },
            {
              "name": "FrameWriteRequest.String"
            },
            {
              "name": "Framer.ReadFrame"
            },
            {
              "name": "Framer.WriteContinuation"
            },
            {
              "name": "Framer.WriteData"
            },
            {
              "name": "Framer.WriteDataPadded"
            },
            {
              "name": "Framer.WriteGoAway"
            },
            {
              "name": "Framer.WriteHeaders"
            },
            {
              "name": "Framer.WritePing"
            },
            {
              "name": "Framer.WritePriority"
            },
            {
              "name": "Framer.WritePushPromise"
            },
            {
              "name": "Framer.WriteRSTStream"
            },
            {
              "name": "Framer.WriteRawFrame"
            },
            {
              "name": "Framer.WriteSettings"
            },
            {
              "name": "Framer.WriteSettingsAck"
            },
            {
              "name": "Framer.WriteWindowUpdate"
            },
            {
              "name": "GoAwayError.Error"
            },
            {
              "name": "ReadFrameHeader"
            },
            {
              "name": "Setting.String"
            },
            {
              "name": "SettingID.String"
            },
            {
              "name": "SettingsFrame.ForeachSetting"
            },
            {
              "name": "StreamError.Error"
            },
            {
              "name": "Transport.CloseIdleConnections"
            },
            {
              "name": "Transport.NewClientConn"
            },
            {
              "name": "Transport.RoundTripOpt"
            },
            {
              "name": "bufferedWriter.Flush"
            },
            {
              "name": "bufferedWriter.Write"
            },
            {
              "name": "chunkWriter.Write"
            },
            {
              "name": "clientConnPool.GetClientConn"
            },
            {
              "name": "connError.Error"
            },
            {
              "name": "dataBuffer.Read"
            },
            {
              "name": "duplicatePseudoHeaderError.Error"
            },
            {
              "name": "gzipReader.Close"
            },
            {
              "name": "gzipReader.Read"
            },
            {
              "name": "headerFieldNameError.Error"
            },
            {
              "name": "headerFieldValueError.Error"
            },
            {
              "name": "noDialClientConnPool.GetClientConn"
            },
            {
              "name": "noDialH2RoundTripper.RoundTrip"
            },
            {
              "name": "pipe.Read"
            },
            {
              "name": "priorityWriteScheduler.CloseStream"
            },
            {
              "name": "priorityWriteScheduler.OpenStream"
            },
            {
              "name": "pseudoHeaderError.Error"
            },
            {
              "name": "requestBody.Close"
            },
            {
              "name": "requestBody.Read"
            },
            {
              "name": "responseWriter.Flush"
            },
            {
              "name": "responseWriter.FlushError"
            },
            {
              "name": "responseWriter.Push"
            },
            {
              "name": "responseWriter.SetReadDeadline"
            },
            {
              "name": "responseWriter.SetWriteDeadline"
            },
            {
              "name": "responseWriter.Write"
            },
            {
              "name": "responseWriter.WriteHeader"
            },
            {
              "name": "responseWriter.WriteString"
            },
            {
              "name": "serverConn.CloseConn"
            },
            {
              "name": "serverConn.Flush"
            },
            {
              "name": "stickyErrWriter.Write"
            },
            {
              "name": "transportResponseBody.Close"
            },
            {
              "name": "transportResponseBody.Read"
            },
            {
              "name": "writeData.String"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.7.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/http2/hpack",
          "product": "golang.org/x/net/http2/hpack",
          "programRoutines": [
            {
              "name": "Decoder.parseFieldLiteral"
            },
            {
              "name": "Decoder.readString"
            },
            {
              "name": "Decoder.DecodeFull"
            },
            {
              "name": "Decoder.Write"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.7.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Philippe Antoine (Catena cyber)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE 400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-25T11:09:48.448Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/57855"
        },
        {
          "url": "https://go.dev/cl/468135"
        },
        {
          "url": "https://go.dev/cl/468295"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1571"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/"
        },
        {
          "url": "https://www.couchbase.com/alerts/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-09"
        }
      ],
      "title": "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2022-41723",
    "datePublished": "2023-02-28T17:19:45.801Z",
    "dateReserved": "2022-09-28T17:00:06.610Z",
    "dateUpdated": "2025-05-05T16:12:28.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-24534 (GCVE-0-2023-24534)

Vulnerability from cvelistv5 – Published: 2023-04-06 15:50 – Updated: 2025-02-13 16:44

Title

Excessive memory allocation in net/http and net/textproto

Summary

HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

6 references

URL	Tags
https://go.dev/issue/58975
https://go.dev/cl/481994
https://groups.google.com/g/golang-announce/c/Xdv…
https://pkg.go.dev/vuln/GO-2023-1704
https://security.netapp.com/advisory/ntap-2023052…
https://security.gentoo.org/glsa/202311-09

Impacted products

1 product

Vendor	Product	Version
Go standard library	net/textproto	Affected: 0 , < 1.19.8 (semver) Affected: 1.20.0-0 , < 1.20.3 (semver)

Credits

Jakob Ackermann (@das7pad)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:03:17.787Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/58975"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/481994"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-1704"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230526-0007/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-09"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-24534",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-12T17:14:51.815762Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T17:15:47.401Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/textproto",
          "product": "net/textproto",
          "programRoutines": [
            {
              "name": "readMIMEHeader"
            },
            {
              "name": "Reader.upcomingHeaderNewlines"
            },
            {
              "name": "Reader.ReadMIMEHeader"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.19.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.3",
              "status": "affected",
              "version": "1.20.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jakob Ackermann (@das7pad)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-25T11:10:11.790Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/58975"
        },
        {
          "url": "https://go.dev/cl/481994"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1704"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230526-0007/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-09"
        }
      ],
      "title": "Excessive memory allocation in net/http and net/textproto"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2023-24534",
    "datePublished": "2023-04-06T15:50:45.710Z",
    "dateReserved": "2023-01-25T21:19:20.642Z",
    "dateUpdated": "2025-02-13T16:44:17.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-24536 (GCVE-0-2023-24536)

Vulnerability from cvelistv5 – Published: 2023-04-06 15:50 – Updated: 2025-02-13 16:44

Title

Excessive resource consumption in net/http, net/textproto and mime/multipart

Summary

Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

8 references

URL	Tags
https://go.dev/issue/59153
https://go.dev/cl/482076
https://go.dev/cl/482075
https://go.dev/cl/482077
https://groups.google.com/g/golang-announce/c/Xdv…
https://pkg.go.dev/vuln/GO-2023-1705
https://security.netapp.com/advisory/ntap-2023052…
https://security.gentoo.org/glsa/202311-09

Impacted products

2 products

Vendor	Product	Version
Go standard library	mime/multipart	Affected: 0 , < 1.19.8 (semver) Affected: 1.20.0-0 , < 1.20.3 (semver)
Go standard library	net/textproto	Affected: 0 , < 1.19.8 (semver) Affected: 1.20.0-0 , < 1.20.3 (semver)

Credits

Jakob Ackermann (@das7pad)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:03:17.787Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/59153"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/482076"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/482075"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/482077"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-1705"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230526-0007/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-09"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-24536",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-12T17:16:31.233167Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-770",
                "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T17:17:32.099Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "mime/multipart",
          "product": "mime/multipart",
          "programRoutines": [
            {
              "name": "Reader.readForm"
            },
            {
              "name": "mimeHeaderSize"
            },
            {
              "name": "newPart"
            },
            {
              "name": "Part.populateHeaders"
            },
            {
              "name": "Reader.NextPart"
            },
            {
              "name": "Reader.NextRawPart"
            },
            {
              "name": "Reader.nextPart"
            },
            {
              "name": "readMIMEHeader"
            },
            {
              "name": "Reader.ReadForm"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.19.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.3",
              "status": "affected",
              "version": "1.20.0-0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/textproto",
          "product": "net/textproto",
          "programRoutines": [
            {
              "name": "readMIMEHeader"
            },
            {
              "name": "Reader.ReadMIMEHeader"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.19.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.3",
              "status": "affected",
              "version": "1.20.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jakob Ackermann (@das7pad)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-25T11:09:50.567Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/59153"
        },
        {
          "url": "https://go.dev/cl/482076"
        },
        {
          "url": "https://go.dev/cl/482075"
        },
        {
          "url": "https://go.dev/cl/482077"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1705"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230526-0007/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-09"
        }
      ],
      "title": "Excessive resource consumption in net/http, net/textproto and mime/multipart"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2023-24536",
    "datePublished": "2023-04-06T15:50:24.879Z",
    "dateReserved": "2023-01-25T21:19:20.642Z",
    "dateUpdated": "2025-02-13T16:44:18.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-24537 (GCVE-0-2023-24537)

Vulnerability from cvelistv5 – Published: 2023-04-06 15:50 – Updated: 2025-02-13 16:44

Title

Infinite loop in parsing in go/scanner

Summary

Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Assigner

References

5 references

URL	Tags
https://go.dev/issue/59180
https://go.dev/cl/482078
https://groups.google.com/g/golang-announce/c/Xdv…
https://pkg.go.dev/vuln/GO-2023-1702
https://security.gentoo.org/glsa/202311-09

Impacted products

1 product

Vendor	Product	Version
Go standard library	go/scanner	Affected: 0 , < 1.19.8 (semver) Affected: 1.20.0-0 , < 1.20.3 (semver)

Credits

Philippe Antoine (Catena cyber)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-29T12:04:35.562Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/59180"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/482078"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-1702"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-09"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241129-0004/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-24537",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-12T17:00:19.402169Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-190",
                "description": "CWE-190 Integer Overflow or Wraparound",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T17:01:10.967Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "go/scanner",
          "product": "go/scanner",
          "programRoutines": [
            {
              "name": "Scanner.updateLineInfo"
            },
            {
              "name": "Scanner.Scan"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.19.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.3",
              "status": "affected",
              "version": "1.20.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Philippe Antoine (Catena cyber)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-25T11:09:46.845Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/59180"
        },
        {
          "url": "https://go.dev/cl/482078"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1702"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-09"
        }
      ],
      "title": "Infinite loop in parsing in go/scanner"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2023-24537",
    "datePublished": "2023-04-06T15:50:49.556Z",
    "dateReserved": "2023-01-25T21:19:20.642Z",
    "dateUpdated": "2025-02-13T16:44:18.701Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-24538 (GCVE-0-2023-24538)

Vulnerability from cvelistv5 – Published: 2023-04-06 15:50 – Updated: 2025-02-13 16:44

Title

Backticks not treated as string delimiters in html/template

Summary

Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

References

5 references

URL	Tags
https://go.dev/issue/59234
https://go.dev/cl/482079
https://groups.google.com/g/golang-announce/c/Xdv…
https://pkg.go.dev/vuln/GO-2023-1703
https://security.gentoo.org/glsa/202311-09

Impacted products

1 product

Vendor	Product	Version
Go standard library	html/template	Affected: 0 , < 1.19.8 (semver) Affected: 1.20.0-0 , < 1.20.3 (semver)

Credits

Sohom Datta, Manipal Institute of Technology

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-15T13:08:09.818Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/59234"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/482079"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-1703"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-09"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241115-0007/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-24538",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-12T17:02:13.972733Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T17:02:39.854Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "html/template",
          "product": "html/template",
          "programRoutines": [
            {
              "name": "tJS"
            },
            {
              "name": "tJSDelimited"
            },
            {
              "name": "Template.Execute"
            },
            {
              "name": "Template.ExecuteTemplate"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.19.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.3",
              "status": "affected",
              "version": "1.20.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sohom Datta, Manipal Institute of Technology"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. \"var a = {{.}}\"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-25T11:09:53.918Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/59234"
        },
        {
          "url": "https://go.dev/cl/482079"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1703"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-09"
        }
      ],
      "title": "Backticks not treated as string delimiters in html/template"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2023-24538",
    "datePublished": "2023-04-06T15:50:48.185Z",
    "dateReserved": "2023-01-25T21:19:20.642Z",
    "dateUpdated": "2025-02-13T16:44:19.259Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-24539 (GCVE-0-2023-24539)

Vulnerability from cvelistv5 – Published: 2023-05-11 15:29 – Updated: 2025-01-24 16:41

Title

Improper sanitization of CSS values in html/template

Summary

Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.

Severity

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-74 - Improper input validation

Assigner

References

4 references

URL	Tags
https://go.dev/issue/59720
https://go.dev/cl/491615
https://groups.google.com/g/golang-announce/c/MEb…
https://pkg.go.dev/vuln/GO-2023-1751

Impacted products

1 product

Vendor	Product	Version
Go standard library	html/template	Affected: 0 , < 1.19.9 (semver) Affected: 1.20.0-0 , < 1.20.4 (semver)

Credits

Juho Nurminen of Mattermost

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-29T12:04:36.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/59720"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/491615"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-1751"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241129-0005/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-24539",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-24T16:39:35.722970Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-24T16:41:28.222Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "html/template",
          "product": "html/template",
          "programRoutines": [
            {
              "name": "cssValueFilter"
            },
            {
              "name": "escaper.commit"
            },
            {
              "name": "Template.Execute"
            },
            {
              "name": "Template.ExecuteTemplate"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.19.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.4",
              "status": "affected",
              "version": "1.20.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Juho Nurminen of Mattermost"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Angle brackets (\u003c\u003e) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a \u0027/\u0027 character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-74: Improper input validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:08:23.986Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/59720"
        },
        {
          "url": "https://go.dev/cl/491615"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1751"
        }
      ],
      "title": "Improper sanitization of CSS values in html/template"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2023-24539",
    "datePublished": "2023-05-11T15:29:38.143Z",
    "dateReserved": "2023-01-25T21:19:20.642Z",
    "dateUpdated": "2025-01-24T16:41:28.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-24540 (GCVE-0-2023-24540)

Vulnerability from cvelistv5 – Published: 2023-05-11 15:29 – Updated: 2025-01-24 16:45

Title

Improper handling of JavaScript whitespace in html/template

Summary

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-74 - Improper input validation

Assigner

References

4 references

URL	Tags
https://go.dev/issue/59721
https://go.dev/cl/491616
https://groups.google.com/g/golang-announce/c/MEb…
https://pkg.go.dev/vuln/GO-2023-1752

Impacted products

1 product

Vendor	Product	Version
Go standard library	html/template	Affected: 0 , < 1.19.9 (semver) Affected: 1.20.0-0 , < 1.20.4 (semver)

Credits

Juho Nurminen of Mattermost

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-15T13:08:11.286Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/59721"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/491616"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-1752"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241115-0008/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-24540",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-24T16:42:20.856397Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-77",
                "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-24T16:45:07.999Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "html/template",
          "product": "html/template",
          "programRoutines": [
            {
              "name": "nextJSCtx"
            },
            {
              "name": "Template.Execute"
            },
            {
              "name": "Template.ExecuteTemplate"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.19.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.4",
              "status": "affected",
              "version": "1.20.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Juho Nurminen of Mattermost"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-74: Improper input validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:08:26.127Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/59721"
        },
        {
          "url": "https://go.dev/cl/491616"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1752"
        }
      ],
      "title": "Improper handling of JavaScript whitespace in html/template"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2023-24540",
    "datePublished": "2023-05-11T15:29:31.947Z",
    "dateReserved": "2023-01-25T21:19:20.642Z",
    "dateUpdated": "2025-01-24T16:45:07.999Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-29400 (GCVE-0-2023-29400)

Vulnerability from cvelistv5 – Published: 2023-05-11 15:29 – Updated: 2025-01-24 16:47

Title

Improper handling of empty HTML attributes in html/template

Summary

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

Severity

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-74 - Improper input validation

Assigner

References

4 references

URL	Tags
https://go.dev/issue/59722
https://go.dev/cl/491617
https://groups.google.com/g/golang-announce/c/MEb…
https://pkg.go.dev/vuln/GO-2023-1753

Impacted products

1 product

Vendor	Product	Version
Go standard library	html/template	Affected: 0 , < 1.19.9 (semver) Affected: 1.20.0-0 , < 1.20.4 (semver)

Credits

Juho Nurminen of Mattermost

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-12-13T13:09:23.252Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/59722"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/491617"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-1753"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241213-0005/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-29400",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-24T16:46:30.315646Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-24T16:47:46.724Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "html/template",
          "product": "html/template",
          "programRoutines": [
            {
              "name": "appendCmd"
            },
            {
              "name": "htmlNospaceEscaper"
            },
            {
              "name": "Template.Execute"
            },
            {
              "name": "Template.ExecuteTemplate"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.19.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.4",
              "status": "affected",
              "version": "1.20.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Juho Nurminen of Mattermost"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Templates containing actions in unquoted HTML attributes (e.g. \"attr={{.}}\") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-74: Improper input validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:08:27.799Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/59722"
        },
        {
          "url": "https://go.dev/cl/491617"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1753"
        }
      ],
      "title": "Improper handling of empty HTML attributes in html/template"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2023-29400",
    "datePublished": "2023-05-11T15:29:24.874Z",
    "dateReserved": "2023-04-05T19:36:35.042Z",
    "dateUpdated": "2025-01-24T16:47:46.724Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2023:3918

CVE-2022-41723 (GCVE-0-2022-41723)

CVE-2023-24534 (GCVE-0-2023-24534)

CVE-2023-24536 (GCVE-0-2023-24536)

CVE-2023-24537 (GCVE-0-2023-24537)

CVE-2023-24538 (GCVE-0-2023-24538)

CVE-2023-24539 (GCVE-0-2023-24539)

CVE-2023-24540 (GCVE-0-2023-24540)

CVE-2023-29400 (GCVE-0-2023-29400)

Tags

Sightings

Nomenclature