Vulnerability-Lookup

RHSA-2023:6115

Vulnerability from csaf_redhat - Published: 2023-10-25 14:01 - Updated: 2026-05-28 02:51

Summary

Red Hat Security Advisory: OpenShift API for Data Protection security update

Severity

Important

Notes

Topic: An update is now available for OADP-1.1-RHEL-8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Security Fix(es): * golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325) * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) * golang: net/http: insufficient sanitization of Host header (CVE-2023-29406) * golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409) * golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318) * golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319) * golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321) * golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2023-29406

A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64	—	Vendor Fix fix

Known not affected 33 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le		—

Threats

Impact Moderate

CVE-2023-29409

A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64	—	Vendor Fix fix

Known not affected 33 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le		—

Threats

Impact Moderate

CVE-2023-39318

A flaw was found in Golang. The html/template package did not properly handle HMTL-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This issue may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64	—	Vendor Fix fix

Known not affected 33 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le		—

Threats

Impact Moderate

CVE-2023-39319

A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64	—	Vendor Fix fix

Known not affected 33 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le		—

Threats

Impact Moderate

CVE-2023-39321

A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-805 - Buffer Access with Incorrect Length Value

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64	—	Vendor Fix fix

Known not affected 33 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le		—

Threats

Impact Moderate

CVE-2023-39322

A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64	—	Vendor Fix fix

Known not affected 33 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x		—
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le		—

Threats

Impact Moderate

CVE-2023-39325

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 27 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le	—	Vendor Fix fix Workaround

Known not affected 9 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x	—	Workaround

Threats

Impact Important

CVE-2023-44487

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64	—	Vendor Fix fix Workaround

Known not affected 33 products

Product	Version	Remediation
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x	—	Workaround
Unresolved product id: 8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le	—	Workaround

Threats

Exploit Status CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Impact Important

References

68 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:6115	self
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/vulnerabilitie…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2222167	external
https://bugzilla.redhat.com/show_bug.cgi?id=2228743	external
https://bugzilla.redhat.com/show_bug.cgi?id=2237773	external
https://bugzilla.redhat.com/show_bug.cgi?id=2237776	external
https://bugzilla.redhat.com/show_bug.cgi?id=2237777	external
https://bugzilla.redhat.com/show_bug.cgi?id=2237778	external
https://bugzilla.redhat.com/show_bug.cgi?id=2242803	external
https://bugzilla.redhat.com/show_bug.cgi?id=2243296	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-29406	self
https://bugzilla.redhat.com/show_bug.cgi?id=2222167	external
https://www.cve.org/CVERecord?id=CVE-2023-29406	external
https://nvd.nist.gov/vuln/detail/CVE-2023-29406	external
https://groups.google.com/g/golang-announce/c/2q1…	external
https://access.redhat.com/security/cve/CVE-2023-29409	self
https://bugzilla.redhat.com/show_bug.cgi?id=2228743	external
https://www.cve.org/CVERecord?id=CVE-2023-29409	external
https://nvd.nist.gov/vuln/detail/CVE-2023-29409	external
https://go.dev/cl/515257	external
https://go.dev/issue/61460	external
https://groups.google.com/g/golang-announce/c/X0b…	external
https://pkg.go.dev/vuln/GO-2023-1987	external
https://access.redhat.com/security/cve/CVE-2023-39318	self
https://bugzilla.redhat.com/show_bug.cgi?id=2237776	external
https://www.cve.org/CVERecord?id=CVE-2023-39318	external
https://nvd.nist.gov/vuln/detail/CVE-2023-39318	external
https://go.dev/cl/526156	external
https://go.dev/issue/62196	external
https://groups.google.com/g/golang-dev/c/2C5vbR-U…	external
https://vuln.go.dev/ID/GO-2023-2041.json	external
https://access.redhat.com/security/cve/CVE-2023-39319	self
https://bugzilla.redhat.com/show_bug.cgi?id=2237773	external
https://www.cve.org/CVERecord?id=CVE-2023-39319	external
https://nvd.nist.gov/vuln/detail/CVE-2023-39319	external
https://go.dev/cl/526157	external
https://go.dev/issue/62197	external
https://vuln.go.dev/ID/GO-2023-2043.json	external
https://access.redhat.com/security/cve/CVE-2023-39321	self
https://bugzilla.redhat.com/show_bug.cgi?id=2237777	external
https://www.cve.org/CVERecord?id=CVE-2023-39321	external
https://nvd.nist.gov/vuln/detail/CVE-2023-39321	external
https://go.dev/cl/523039	external
https://go.dev/issue/62266	external
https://vuln.go.dev/ID/GO-2023-2044.json	external
https://access.redhat.com/security/cve/CVE-2023-39322	self
https://bugzilla.redhat.com/show_bug.cgi?id=2237778	external
https://www.cve.org/CVERecord?id=CVE-2023-39322	external
https://nvd.nist.gov/vuln/detail/CVE-2023-39322	external
https://vuln.go.dev/ID/GO-2023-2045.json	external
https://access.redhat.com/security/cve/CVE-2023-39325	self
https://bugzilla.redhat.com/show_bug.cgi?id=2243296	external
https://access.redhat.com/security/vulnerabilitie…	external
https://www.cve.org/CVERecord?id=CVE-2023-39325	external
https://nvd.nist.gov/vuln/detail/CVE-2023-39325	external
https://access.redhat.com/security/cve/CVE-2023-44487	external
https://go.dev/issue/63417	external
https://pkg.go.dev/vuln/GO-2023-2102	external
https://www.cisa.gov/news-events/alerts/2023/10/1…	external
https://access.redhat.com/security/cve/CVE-2023-44487	self
https://bugzilla.redhat.com/show_bug.cgi?id=2242803	external
https://www.cve.org/CVERecord?id=CVE-2023-44487	external
https://nvd.nist.gov/vuln/detail/CVE-2023-44487	external
https://github.com/dotnet/announcements/issues/277	external
https://www.nginx.com/blog/http-2-rapid-reset-att…	external
https://www.cisa.gov/known-exploited-vulnerabilit…	external

Acknowledgments

GMO Cybersecurity by Ierae, Inc. Takeshi Kaneko

Martin Seemann

Marten Seemann

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for OADP-1.1-RHEL-8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Security Fix(es):\n\n* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)\n\n* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\n* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)\n\n* golang: crypto/tls: slow verification of certificate chains containing large RSA keys (CVE-2023-29409)\n\n* golang: html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318)\n\n* golang: html/template: improper handling of special tags within script contexts (CVE-2023-39319)\n\n* golang: crypto/tls: panic when processing post-handshake message on QUIC connections (CVE-2023-39321)\n\n* golang: crypto/tls: lack of a limit on buffered post-handshake (CVE-2023-39322)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:6115",
        "url": "https://access.redhat.com/errata/RHSA-2023:6115"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
        "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
      },
      {
        "category": "external",
        "summary": "2222167",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
      },
      {
        "category": "external",
        "summary": "2228743",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
      },
      {
        "category": "external",
        "summary": "2237773",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
      },
      {
        "category": "external",
        "summary": "2237776",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
      },
      {
        "category": "external",
        "summary": "2237777",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
      },
      {
        "category": "external",
        "summary": "2237778",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
      },
      {
        "category": "external",
        "summary": "2242803",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
      },
      {
        "category": "external",
        "summary": "2243296",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6115.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift API for Data Protection security update",
    "tracking": {
      "current_release_date": "2026-05-28T02:51:28+00:00",
      "generator": {
        "date": "2026-05-28T02:51:28+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2023:6115",
      "initial_release_date": "2023-10-25T14:01:58+00:00",
      "revision_history": [
        {
          "date": "2023-10-25T14:01:58+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-10-25T14:01:58+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-28T02:51:28+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-OADP-1.1",
                "product": {
                  "name": "8Base-OADP-1.1",
                  "product_id": "8Base-OADP-1.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.1::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "OpenShift API for Data Protection"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
                "product": {
                  "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
                  "product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
                "product": {
                  "name": "oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
                  "product_id": "oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.1.7-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
                "product": {
                  "name": "oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
                  "product_id": "oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.1.7-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
                "product": {
                  "name": "oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
                  "product_id": "oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.1.7-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
                "product": {
                  "name": "oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
                  "product_id": "oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
                  "product_id": "oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
                  "product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
                  "product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
                  "product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
                  "product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
                "product": {
                  "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
                  "product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
                "product": {
                  "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
                  "product_id": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-volume-snapshot-mover-rhel8\u0026tag=1.1.7-6"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
                "product": {
                  "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
                  "product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
                "product": {
                  "name": "oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
                  "product_id": "oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.1.7-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
                "product": {
                  "name": "oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
                  "product_id": "oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.1.7-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
                "product": {
                  "name": "oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
                  "product_id": "oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.1.7-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
                "product": {
                  "name": "oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
                  "product_id": "oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
                  "product_id": "oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
                "product": {
                  "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
                  "product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
                "product": {
                  "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
                  "product_id": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-volume-snapshot-mover-rhel8\u0026tag=1.1.7-6"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
                "product": {
                  "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
                  "product_id": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
                "product": {
                  "name": "oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
                  "product_id": "oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel8\u0026tag=1.1.7-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
                "product": {
                  "name": "oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
                  "product_id": "oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.1.7-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
                "product": {
                  "name": "oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
                  "product_id": "oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-rhel8-operator\u0026tag=1.1.7-7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
                  "product_id": "oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-csi-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
                  "product_id": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel8\u0026tag=1.1.7-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le",
                "product": {
                  "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le",
                  "product_id": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-volume-snapshot-mover-rhel8\u0026tag=1.1.7-6"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64"
        },
        "product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le"
        },
        "product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x"
        },
        "product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x"
        },
        "product_reference": "oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64"
        },
        "product_reference": "oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le"
        },
        "product_reference": "oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le"
        },
        "product_reference": "oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64"
        },
        "product_reference": "oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x"
        },
        "product_reference": "oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le"
        },
        "product_reference": "oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x"
        },
        "product_reference": "oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64"
        },
        "product_reference": "oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64"
        },
        "product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x"
        },
        "product_reference": "oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x"
        },
        "product_reference": "oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
        },
        "product_reference": "oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64 as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64"
        },
        "product_reference": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x"
        },
        "product_reference": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
        "relates_to_product_reference": "8Base-OADP-1.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le as a component of 8Base-OADP-1.1",
          "product_id": "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
        },
        "product_reference": "oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le",
        "relates_to_product_reference": "8Base-OADP-1.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-29406",
      "cwe": {
        "id": "CWE-113",
        "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
      },
      "discovery_date": "2023-07-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2222167"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http: insufficient sanitization of Host header",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-29406"
        },
        {
          "category": "external",
          "summary": "RHBZ#2222167",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222167"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-29406",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29406"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0",
          "url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
        }
      ],
      "release_date": "2023-07-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-25T14:01:58+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:6115"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: net/http: insufficient sanitization of Host header"
    },
    {
      "cve": "CVE-2023-29409",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-08-03T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2228743"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-29409"
        },
        {
          "category": "external",
          "summary": "RHBZ#2228743",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2228743"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-29409",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29409"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/515257",
          "url": "https://go.dev/cl/515257"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/61460",
          "url": "https://go.dev/issue/61460"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ",
          "url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-1987",
          "url": "https://pkg.go.dev/vuln/GO-2023-1987"
        }
      ],
      "release_date": "2023-08-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-25T14:01:58+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:6115"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Takeshi Kaneko"
          ],
          "organization": "GMO Cybersecurity by Ierae, Inc."
        }
      ],
      "cve": "CVE-2023-39318",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2023-09-06T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2237776"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: html/template: improper handling of HTML-like comments within script contexts",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-39318"
        },
        {
          "category": "external",
          "summary": "RHBZ#2237776",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237776"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39318",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39318"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/526156",
          "url": "https://go.dev/cl/526156"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/62196",
          "url": "https://go.dev/issue/62196"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
          "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
        },
        {
          "category": "external",
          "summary": "https://vuln.go.dev/ID/GO-2023-2041.json",
          "url": "https://vuln.go.dev/ID/GO-2023-2041.json"
        }
      ],
      "release_date": "2023-09-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-25T14:01:58+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:6115"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: html/template: improper handling of HTML-like comments within script contexts"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Takeshi Kaneko"
          ],
          "organization": "GMO Cybersecurity by Ierae, Inc."
        }
      ],
      "cve": "CVE-2023-39319",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2023-09-06T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2237773"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: html/template: improper handling of special tags within script contexts",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-39319"
        },
        {
          "category": "external",
          "summary": "RHBZ#2237773",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237773"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39319",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39319"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/526157",
          "url": "https://go.dev/cl/526157"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/62197",
          "url": "https://go.dev/issue/62197"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
          "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
        },
        {
          "category": "external",
          "summary": "https://vuln.go.dev/ID/GO-2023-2043.json",
          "url": "https://vuln.go.dev/ID/GO-2023-2043.json"
        }
      ],
      "release_date": "2023-09-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-25T14:01:58+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:6115"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: html/template: improper handling of special tags within script contexts"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Martin Seemann"
          ]
        }
      ],
      "cve": "CVE-2023-39321",
      "cwe": {
        "id": "CWE-805",
        "name": "Buffer Access with Incorrect Length Value"
      },
      "discovery_date": "2023-09-06T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2237777"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The flaw has been marked as moderate instead of high like NVD \nQUICConn.HandleData buffers data and passes it to handlePostHandshakeMessage every time the buffer contains a complete message, while HandleData doesn\u0027t limit the amount of data it can buffer, a panic or denial of service would likely be lower severity,also in order to exploit this vulnerability, an attacker would have to smuggle partial handshake data which might be rejected altogether as per tls RFC specification.Therfore because of a lower severity denial of service and conditions that are beyond the scope of attackers control,we have marked this as moderate severity",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-39321"
        },
        {
          "category": "external",
          "summary": "RHBZ#2237777",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237777"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39321",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39321"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/523039",
          "url": "https://go.dev/cl/523039"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/62266",
          "url": "https://go.dev/issue/62266"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
          "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
        },
        {
          "category": "external",
          "summary": "https://vuln.go.dev/ID/GO-2023-2044.json",
          "url": "https://vuln.go.dev/ID/GO-2023-2044.json"
        }
      ],
      "release_date": "2023-09-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-25T14:01:58+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:6115"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/tls: panic when processing post-handshake message on QUIC connections"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Marten Seemann"
          ]
        }
      ],
      "cve": "CVE-2023-39322",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-09-06T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2237778"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/tls: lack of a limit on buffered post-handshake",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A vulnerability was found in the Go QUIC protocol implementation in the logic that processes post-handshake messages. It is an uncontrolled resource consumption flaw, triggered when a malicious connection sends data without an enforced upper bound. This leads to unbounded memory growth, causing the service to crash and resulting in a denial of service.The single-dimensional impact of denial of service and the added complexity of whether the resource exhaustion would happen, being out of an attacker\u0027s control,this has been rated as moderate severity.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-39322"
        },
        {
          "category": "external",
          "summary": "RHBZ#2237778",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237778"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39322",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39322"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/523039",
          "url": "https://go.dev/cl/523039"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/62266",
          "url": "https://go.dev/issue/62266"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
          "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
        },
        {
          "category": "external",
          "summary": "https://vuln.go.dev/ID/GO-2023-2045.json",
          "url": "https://vuln.go.dev/ID/GO-2023-2045.json"
        }
      ],
      "release_date": "2023-09-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-25T14:01:58+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:6115"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/tls: lack of a limit on buffered post-handshake"
    },
    {
      "cve": "CVE-2023-39325",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-10-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2243296"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE is related to CVE-2023-44487.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nAs go-lang vendors its dependencies, a package may contain a library with a known vulnerability, solely because of lower tier libraries including it as a part of its dependencies, but the vulnerable code is not reachable at runtime. In such cases the issue is not exploitable. We classify these situations as \u201cNot affected\u201d or \u201cWill not fix,\u201d depending on the risk of breaking other unrelated packages.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-39325"
        },
        {
          "category": "external",
          "summary": "RHBZ#2243296",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243296"
        },
        {
          "category": "external",
          "summary": "RHSB-2023-003",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-39325",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39325"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2023-44487",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/63417",
          "url": "https://go.dev/issue/63417"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-2102",
          "url": "https://pkg.go.dev/vuln/GO-2023-2102"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
          "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
        }
      ],
      "release_date": "2023-10-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-25T14:01:58+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:6115"
        },
        {
          "category": "workaround",
          "details": "The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)"
    },
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-10-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2242803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
        ],
        "known_not_affected": [
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
          "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
          "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
          "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
          "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
          "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "RHBZ#2242803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
        },
        {
          "category": "external",
          "summary": "RHSB-2023-003",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://github.com/dotnet/announcements/issues/277",
          "url": "https://github.com/dotnet/announcements/issues/277"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-2102",
          "url": "https://pkg.go.dev/vuln/GO-2023-2102"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
          "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
          "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2023-10-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-25T14:01:58+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:6115"
        },
        {
          "category": "workaround",
          "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n     a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n     b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n     c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n     d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n     e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
          "product_ids": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:1d9eb04551c7629c1c955a83f56c9950af52cf507a960673fbbb71bc53a45d42_amd64",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:a107558ebc95b2d1c57a3571491bbf6ec88921ca8e6e45419dbec9bf47d505b9_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-kubevirt-velero-plugin-rhel8@sha256:ca91eab699f97705c3e696150446582caab5b97db9230c0a2a7d0b9e09a7c571_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:2d68a7b0030a673d88d59d712352614f136704fc95a5523484eea11eeeb76619_s390x",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:d2ea8cc469b9bc2cb99dc81ef1c8c043ef7d4c320b588f7bf1e221807767a21c_amd64",
            "8Base-OADP-1.1:oadp/oadp-mustgather-rhel8@sha256:f4db0cbe93b098c3e73e65bf83cdd73214e6eb9894a5d1d42d0f5fd58162a750_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:7381cf4462e525945055a1b2b0bf168d469d2bd3f67bb10f6c8cb13e58fa9569_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:a709259c3a6d923485ed217e9dd74f11c02a32c113f017ebbd8c49d60c83c47b_amd64",
            "8Base-OADP-1.1:oadp/oadp-operator-bundle@sha256:f6e549d662f01f8ccf0c1ab9016b1aadcd417096bc49133a536292c55049c13a_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:0f7a9f47f67af388ebebb7ef28a775857ac37d35e234ee228a4ea25bfc64c3e3_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:2d3e387f50011ea9496e7524624100afb1e5eb9aeb220c971ac850e3d3fb3ecd_s390x",
            "8Base-OADP-1.1:oadp/oadp-rhel8-operator@sha256:bf0607d865944a9011852bcbd92d2f289f4086aba2186331ab4a65c7bd065604_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:9bc0630106402a86da33e4a21c5d64c6379125f6a446519f5a659ba1ed110b76_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:ec6dd5b1b4a9382b86ae970240e25f11a4eb8e2ba42a2f6f727a984cf79f0cdb_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-aws-rhel8@sha256:fbef5cf169028b7e2c16c00ab699bcdb5733e2368ead683639495c2c584e08d7_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:57e64b3f70a5d06d68b2dfa3dfd329474ee39354e1ff3730742ae5869ffe9242_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:9535d60aeca08fbcb35f5ddecc455fbf8fd240b185b0359fcf15db088beed93b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-csi-rhel8@sha256:a68d39f20190d5dd35cb799b02ad3ff4fdaf52ab22f7785ba4be4d20c95a09af_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:4a509a9562f941a6eb85e29db424080204172cfcee21b2cbbe066efb5c60198c_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:7933617816babdf5e6da973b7ffbf54a2c280a66fc6a9861e2dc731f01043d80_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-gcp-rhel8@sha256:c8e99a08d99db02bb8a5f3fde5ff77108b4699fa710c12b257e411e1f3014f7b_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:209ccbbf81de2154f620e3dc690a053d7110bc805fc148cff668bcab43674894_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7b4c2fbf7ae8c859bfc976a1e07ef02e430792b16f36fd7fe9e447c7427d5003_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-for-microsoft-azure-rhel8@sha256:7bc516a3dc31d5675989c253dfc5d4f5b6e5675ed0dcd99aeabcf45748cfb82a_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:569d29f6abf7e47afa87dc786028dd1b3b25c703f03bb72f0cdb56fa9fd8322e_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c2e022362052875f262fc082268fe1093d1a7a60aa51479b05346f5fc857864c_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-plugin-rhel8@sha256:c521866aa8677b189bfe5b07f38b640e5fe5f392bcf6af9a25cda0daab393cd9_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:27b11e8db2a414fdbc1cf7d0844db973f3f23c2d47af1c6890f42b1e7627efda_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:2ced4f24ae6649bdeda3d075841b77c2171193e882c5559ec1d6f3cad6f94a8b_amd64",
            "8Base-OADP-1.1:oadp/oadp-velero-restic-restore-helper-rhel8@sha256:7466b02853935e62195da737dc4dc1e7776537a330b943feb971d9b0aab01a5b_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:12379906744bbe5df4574415a81fa2a2d79e42317cf72c168e5ee05380d2c412_ppc64le",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:19772d059d2f70b59c21f01b8cdb34736dd835a695586e74234785b577abbf74_s390x",
            "8Base-OADP-1.1:oadp/oadp-velero-rhel8@sha256:f1d013a16cc4ef007406323214d6e72b2a09ce9f38326df50497a2425e3a66b2_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:0e4b9f532f0ae2242b50ce34be7b7f5df6986c19ff126198a7b6aca4f8661d4a_amd64",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:7cc9fc024056ca5e857a6135bd99607d14eef47426eea87286f4e33f0751fcbd_s390x",
            "8Base-OADP-1.1:oadp/oadp-volume-snapshot-mover-rhel8@sha256:8abfd51f73690022c8e646ffe9a30f8b8e135c56eb67348a4bc0c2cfedbea29c_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-10-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
    }
  ]
}

CVE-2023-29406 (GCVE-0-2023-29406)

Vulnerability from cvelistv5 – Published: 2023-07-11 19:23 – Updated: 2025-02-13 16:49

Title

Insufficient sanitization of Host header in net/http

Summary

The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.

Severity

No CVSS data available.

CWE

CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Assigner

References

6 references

URL	Tags
https://go.dev/issue/60374
https://go.dev/cl/506996
https://groups.google.com/g/golang-announce/c/2q1…
https://pkg.go.dev/vuln/GO-2023-1878
https://security.netapp.com/advisory/ntap-2023081…
https://security.gentoo.org/glsa/202311-09

Impacted products

1 product

Vendor	Product	Version
Go standard library	net/http	Affected: 0 , < 1.19.11 (semver) Affected: 1.20.0-0 , < 1.20.6 (semver)

Credits

Bartek Nowotarski

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:45.735Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/60374"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/506996"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-1878"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230814-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-09"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29406",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T15:39:42.813114Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T15:39:53.007Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/http",
          "product": "net/http",
          "programRoutines": [
            {
              "name": "Request.write"
            },
            {
              "name": "Client.CloseIdleConnections"
            },
            {
              "name": "Client.Do"
            },
            {
              "name": "Client.Get"
            },
            {
              "name": "Client.Head"
            },
            {
              "name": "Client.Post"
            },
            {
              "name": "Client.PostForm"
            },
            {
              "name": "Get"
            },
            {
              "name": "Head"
            },
            {
              "name": "Post"
            },
            {
              "name": "PostForm"
            },
            {
              "name": "Request.Write"
            },
            {
              "name": "Request.WriteProxy"
            },
            {
              "name": "Transport.CancelRequest"
            },
            {
              "name": "Transport.CloseIdleConnections"
            },
            {
              "name": "Transport.RoundTrip"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.19.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.6",
              "status": "affected",
              "version": "1.20.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Bartek Nowotarski"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-25T11:09:28.969Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/60374"
        },
        {
          "url": "https://go.dev/cl/506996"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1878"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230814-0002/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-09"
        }
      ],
      "title": "Insufficient sanitization of Host header in net/http"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2023-29406",
    "datePublished": "2023-07-11T19:23:58.511Z",
    "dateReserved": "2023-04-05T19:36:35.043Z",
    "dateUpdated": "2025-02-13T16:49:14.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-29409 (GCVE-0-2023-29409)

Vulnerability from cvelistv5 – Published: 2023-08-02 19:47 – Updated: 2025-02-13 16:49

Title

Large RSA keys can cause high CPU usage in crypto/tls

Summary

Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.

Severity

No CVSS data available.

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

6 references

URL	Tags
https://go.dev/issue/61460
https://go.dev/cl/515257
https://groups.google.com/g/golang-announce/c/X0b…
https://pkg.go.dev/vuln/GO-2023-1987
https://security.netapp.com/advisory/ntap-2023083…
https://security.gentoo.org/glsa/202311-09

Impacted products

1 product

Vendor	Product	Version
Go standard library	crypto/tls	Affected: 0 , < 1.19.12 (semver) Affected: 1.20.0-0 , < 1.20.7 (semver) Affected: 1.21.0-0 , < 1.21.0-rc.4 (semver)

Credits

Mateusz Poliwczak

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:46.160Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/61460"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/515257"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-1987"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230831-0010/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-09"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29409",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T14:15:51.334084Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T14:16:01.839Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/tls",
          "product": "crypto/tls",
          "programRoutines": [
            {
              "name": "Conn.verifyServerCertificate"
            },
            {
              "name": "Conn.processCertsFromClient"
            },
            {
              "name": "Conn.Handshake"
            },
            {
              "name": "Conn.HandshakeContext"
            },
            {
              "name": "Conn.Read"
            },
            {
              "name": "Conn.Write"
            },
            {
              "name": "Dial"
            },
            {
              "name": "DialWithDialer"
            },
            {
              "name": "Dialer.Dial"
            },
            {
              "name": "Dialer.DialContext"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.19.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.7",
              "status": "affected",
              "version": "1.20.0-0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.21.0-rc.4",
              "status": "affected",
              "version": "1.21.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Mateusz Poliwczak"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to \u003c= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-25T11:09:25.696Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/61460"
        },
        {
          "url": "https://go.dev/cl/515257"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1987"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230831-0010/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-09"
        }
      ],
      "title": "Large RSA keys can cause high CPU usage in crypto/tls"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2023-29409",
    "datePublished": "2023-08-02T19:47:23.829Z",
    "dateReserved": "2023-04-05T19:36:35.043Z",
    "dateUpdated": "2025-02-13T16:49:16.368Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-39318 (GCVE-0-2023-39318)

Vulnerability from cvelistv5 – Published: 2023-09-08 16:13 – Updated: 2025-02-13 17:02

Title

Improper handling of HTML-like comments in script contexts in html/template

Summary

The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.

Severity

No CVSS data available.

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

References

6 references

URL	Tags
https://go.dev/issue/62196
https://go.dev/cl/526156
https://groups.google.com/g/golang-dev/c/2C5vbR-U…
https://pkg.go.dev/vuln/GO-2023-2041
https://security.netapp.com/advisory/ntap-2023102…
https://security.gentoo.org/glsa/202311-09

Impacted products

1 product

Vendor	Product	Version
Go standard library	html/template	Affected: 0 , < 1.20.8 (semver) Affected: 1.21.0-0 , < 1.21.1 (semver)

Credits

Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:02:06.918Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/62196"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/526156"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-2041"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231020-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-09"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39318",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T16:02:51.219482Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T16:05:10.408Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "html/template",
          "product": "html/template",
          "programRoutines": [
            {
              "name": "isComment"
            },
            {
              "name": "escaper.escapeText"
            },
            {
              "name": "tJS"
            },
            {
              "name": "tLineCmt"
            },
            {
              "name": "Template.Execute"
            },
            {
              "name": "Template.ExecuteTemplate"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.20.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.21.1",
              "status": "affected",
              "version": "1.21.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-25T11:10:02.660Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/62196"
        },
        {
          "url": "https://go.dev/cl/526156"
        },
        {
          "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-2041"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231020-0009/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-09"
        }
      ],
      "title": "Improper handling of HTML-like comments in script contexts in html/template"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2023-39318",
    "datePublished": "2023-09-08T16:13:24.063Z",
    "dateReserved": "2023-07-27T17:05:55.186Z",
    "dateUpdated": "2025-02-13T17:02:46.777Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-39319 (GCVE-0-2023-39319)

Vulnerability from cvelistv5 – Published: 2023-09-08 16:13 – Updated: 2025-02-13 17:02

Title

Improper handling of special tags within script contexts in html/template

Summary

The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.

Severity

No CVSS data available.

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

References

6 references

URL	Tags
https://go.dev/issue/62197
https://go.dev/cl/526157
https://groups.google.com/g/golang-dev/c/2C5vbR-U…
https://pkg.go.dev/vuln/GO-2023-2043
https://security.netapp.com/advisory/ntap-2023102…
https://security.gentoo.org/glsa/202311-09

Impacted products

1 product

Vendor	Product	Version
Go standard library	html/template	Affected: 0 , < 1.20.8 (semver) Affected: 1.21.0-0 , < 1.21.1 (semver)

Credits

Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:02:06.746Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/62197"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/526157"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-2043"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231020-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-09"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39319",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T16:02:49.339620Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T16:04:58.123Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "html/template",
          "product": "html/template",
          "programRoutines": [
            {
              "name": "escaper.escapeText"
            },
            {
              "name": "tSpecialTagEnd"
            },
            {
              "name": "indexTagEnd"
            },
            {
              "name": "Template.Execute"
            },
            {
              "name": "Template.ExecuteTemplate"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.20.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.21.1",
              "status": "affected",
              "version": "1.21.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The html/template package does not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-25T11:10:06.783Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/62197"
        },
        {
          "url": "https://go.dev/cl/526157"
        },
        {
          "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-2043"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231020-0009/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-09"
        }
      ],
      "title": "Improper handling of special tags within script contexts in html/template"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2023-39319",
    "datePublished": "2023-09-08T16:13:28.663Z",
    "dateReserved": "2023-07-27T17:05:55.186Z",
    "dateUpdated": "2025-02-13T17:02:47.366Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-39321 (GCVE-0-2023-39321)

Vulnerability from cvelistv5 – Published: 2023-09-08 16:13 – Updated: 2025-02-13 17:02

Title

Panic when processing post-handshake message on QUIC connections in crypto/tls

Summary

Processing an incomplete post-handshake message for a QUIC connection can cause a panic.

Severity

No CVSS data available.

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

6 references

URL	Tags
https://go.dev/issue/62266
https://go.dev/cl/523039
https://groups.google.com/g/golang-dev/c/2C5vbR-U…
https://pkg.go.dev/vuln/GO-2023-2044
https://security.netapp.com/advisory/ntap-2023102…
https://security.gentoo.org/glsa/202311-09

Impacted products

1 product

Vendor	Product	Version
Go standard library	crypto/tls	Affected: 1.21.0-0 , < 1.21.1 (semver)

Credits

Marten Seemann

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:02:06.893Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/62266"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/523039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-2044"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231020-0004/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-09"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39321",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T17:23:57.925389Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T17:25:25.677Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/tls",
          "product": "crypto/tls",
          "programRoutines": [
            {
              "name": "QUICConn.HandleData"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.21.1",
              "status": "affected",
              "version": "1.21.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Marten Seemann"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Processing an incomplete post-handshake message for a QUIC connection can cause a panic."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-25T11:09:32.105Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/62266"
        },
        {
          "url": "https://go.dev/cl/523039"
        },
        {
          "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-2044"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231020-0004/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-09"
        }
      ],
      "title": "Panic when processing post-handshake message on QUIC connections in crypto/tls"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2023-39321",
    "datePublished": "2023-09-08T16:13:30.386Z",
    "dateReserved": "2023-07-27T17:05:55.187Z",
    "dateUpdated": "2025-02-13T17:02:48.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-39322 (GCVE-0-2023-39322)

Vulnerability from cvelistv5 – Published: 2023-09-08 16:13 – Updated: 2025-02-13 17:02

Title

Memory exhaustion in QUIC connection handling in crypto/tls

Summary

QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.

Severity

No CVSS data available.

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

6 references

URL	Tags
https://go.dev/issue/62266
https://go.dev/cl/523039
https://groups.google.com/g/golang-dev/c/2C5vbR-U…
https://pkg.go.dev/vuln/GO-2023-2045
https://security.netapp.com/advisory/ntap-2023102…
https://security.gentoo.org/glsa/202311-09

Impacted products

1 product

Vendor	Product	Version
Go standard library	crypto/tls	Affected: 1.21.0-0 , < 1.21.1 (semver)

Credits

Marten Seemann

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:02:07.098Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/62266"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/523039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-2045"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231020-0004/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-09"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:go_standard_library:crypto_tls:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "crypto_tls",
            "vendor": "go_standard_library",
            "versions": [
              {
                "lessThan": "1.21.1",
                "status": "affected",
                "version": "1.21.0-0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39322",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T15:53:33.932737Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T15:56:13.357Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/tls",
          "product": "crypto/tls",
          "programRoutines": [
            {
              "name": "QUICConn.HandleData"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.21.1",
              "status": "affected",
              "version": "1.21.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Marten Seemann"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-25T11:09:57.257Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/62266"
        },
        {
          "url": "https://go.dev/cl/523039"
        },
        {
          "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-2045"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231020-0004/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-09"
        }
      ],
      "title": "Memory exhaustion in QUIC connection handling in crypto/tls"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2023-39322",
    "datePublished": "2023-09-08T16:13:32.795Z",
    "dateReserved": "2023-07-27T17:05:55.187Z",
    "dateUpdated": "2025-02-13T17:02:49.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-39325 (GCVE-0-2023-39325)

Vulnerability from cvelistv5 – Published: 2023-10-11 21:15 – Updated: 2025-02-13 17:02

Title

HTTP/2 rapid reset can cause excessive work in net/http

Summary

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

Severity

No CVSS data available.

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

References

43 references

URL	Tags
https://go.dev/issue/63417
https://go.dev/cl/534215
https://go.dev/cl/534235
https://groups.google.com/g/golang-announce/c/iNN…
https://pkg.go.dev/vuln/GO-2023-2102
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://security.netapp.com/advisory/ntap-2023111…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://security.gentoo.org/glsa/202311-09
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…

Impacted products

2 products

Vendor	Product	Version
Go standard library	net/http	Affected: 0 , < 1.20.10 (semver) Affected: 1.21.0-0 , < 1.21.3 (semver)
golang.org/x/net	golang.org/x/net/http2	Affected: 0 , < 0.17.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:02:06.746Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/63417"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/534215"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/534235"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-2102"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231110-0008/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-09"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/http",
          "product": "net/http",
          "programRoutines": [
            {
              "name": "http2serverConn.serve"
            },
            {
              "name": "http2serverConn.processHeaders"
            },
            {
              "name": "http2serverConn.upgradeRequest"
            },
            {
              "name": "http2serverConn.runHandler"
            },
            {
              "name": "ListenAndServe"
            },
            {
              "name": "ListenAndServeTLS"
            },
            {
              "name": "Serve"
            },
            {
              "name": "ServeTLS"
            },
            {
              "name": "Server.ListenAndServe"
            },
            {
              "name": "Server.ListenAndServeTLS"
            },
            {
              "name": "Server.Serve"
            },
            {
              "name": "Server.ServeTLS"
            },
            {
              "name": "http2Server.ServeConn"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.20.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.21.3",
              "status": "affected",
              "version": "1.21.0-0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/http2",
          "product": "golang.org/x/net/http2",
          "programRoutines": [
            {
              "name": "serverConn.serve"
            },
            {
              "name": "serverConn.processHeaders"
            },
            {
              "name": "serverConn.upgradeRequest"
            },
            {
              "name": "serverConn.runHandler"
            },
            {
              "name": "Server.ServeConn"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.17.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-28T04:05:57.980Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/63417"
        },
        {
          "url": "https://go.dev/cl/534215"
        },
        {
          "url": "https://go.dev/cl/534235"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-2102"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231110-0008/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/"
        },
        {
          "url": "https://security.gentoo.org/glsa/202311-09"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/"
        }
      ],
      "title": "HTTP/2 rapid reset can cause excessive work in net/http"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2023-39325",
    "datePublished": "2023-10-11T21:15:02.727Z",
    "dateReserved": "2023-07-27T17:05:55.188Z",
    "dateUpdated": "2025-02-13T17:02:50.341Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-44487 (GCVE-0-2023-44487)

Vulnerability from cvelistv5 – Published: 2023-10-10 00:00 – Updated: 2026-05-12 10:52

Summary

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

144 references

URL	Tags
https://github.com/dotnet/core/blob/e4613450ea0da…
https://blog.cloudflare.com/technical-breakdown-h…
https://aws.amazon.com/security/security-bulletin…
https://cloud.google.com/blog/products/identity-s…
https://www.nginx.com/blog/http-2-rapid-reset-att…
https://cloud.google.com/blog/products/identity-s…
https://news.ycombinator.com/item?id=37831062
https://blog.cloudflare.com/zero-day-rapid-reset-…
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
https://github.com/envoyproxy/envoy/pull/30055
https://github.com/haproxy/haproxy/issues/2312
https://github.com/eclipse/jetty.project/issues/10679
https://forums.swift.org/t/swift-nio-http2-securi…
https://github.com/nghttp2/nghttp2/pull/1961
https://github.com/netty/netty/commit/58f75f665aa…
https://github.com/alibaba/tengine/issues/1872
https://github.com/apache/tomcat/tree/main/java/o…
https://news.ycombinator.com/item?id=37830987
https://news.ycombinator.com/item?id=37830998
https://github.com/caddyserver/caddy/issues/5877
https://www.bleepingcomputer.com/news/security/ne…
https://github.com/bcdannyboy/CVE-2023-44487
https://github.com/grpc/grpc-go/pull/6703
https://github.com/icing/mod_h2/blob/0a864782af0a…
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
https://mailman.nginx.org/pipermail/nginx-devel/2…
https://my.f5.com/manage/s/article/K000137106
https://msrc.microsoft.com/blog/2023/10/microsoft…
https://bugzilla.proxmox.com/show_bug.cgi?id=4988
https://cgit.freebsd.org/ports/commit/?id=c64c329…
http://www.openwall.com/lists/oss-security/2023/10/10/7	mailing-list
http://www.openwall.com/lists/oss-security/2023/10/10/6	mailing-list
https://seanmonstar.com/post/730794151136935936/h…
https://github.com/microsoft/CBL-Mariner/pull/6381
https://groups.google.com/g/golang-announce/c/iNN…
https://github.com/facebook/proxygen/pull/466
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a…
https://github.com/micrictor/http2-rst-stream
https://edg.io/lp/blog/resets-leaks-ddos-and-the-…
https://openssf.org/blog/2023/10/10/http-2-rapid-…
https://github.com/h2o/h2o/security/advisories/GH…
https://github.com/h2o/h2o/pull/3291
https://github.com/nodejs/node/pull/50121
https://github.com/dotnet/announcements/issues/277
https://github.com/golang/go/issues/63417
https://github.com/advisories/GHSA-vx74-f528-fxqg
https://github.com/apache/trafficserver/pull/10564
https://msrc.microsoft.com/update-guide/vulnerabi…
https://tomcat.apache.org/security-10.html#Fixed_…
https://lists.apache.org/thread/5py8h42mxfsn8l1wy…
https://www.openwall.com/lists/oss-security/2023/…
https://www.haproxy.com/blog/haproxy-is-not-affec…
https://github.com/opensearch-project/data-preppe…
https://github.com/kubernetes/kubernetes/pull/121120
https://github.com/oqtane/oqtane.framework/discus…
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
https://netty.io/news/2023/10/10/4-1-100-Final.html
https://www.cisa.gov/news-events/alerts/2023/10/1…
https://www.theregister.com/2023/10/10/http2_rapi…
https://blog.qualys.com/vulnerabilities-threat-re…
https://news.ycombinator.com/item?id=37837043
https://github.com/kazu-yamamoto/http2/issues/93
https://martinthomson.github.io/h2-stream-limits/…
https://github.com/kazu-yamamoto/http2/commit/f61…
https://github.com/apache/httpd/blob/afcdbeebbff4…
https://www.debian.org/security/2023/dsa-5522	vendor-advisory
https://www.debian.org/security/2023/dsa-5521	vendor-advisory
https://access.redhat.com/security/cve/cve-2023-44487
https://github.com/ninenines/cowboy/issues/1615
https://github.com/varnishcache/varnish-cache/iss…
https://github.com/tempesta-tech/tempesta/issues/1986
https://blog.vespa.ai/cve-2023-44487/
https://github.com/etcd-io/etcd/issues/16740
https://www.darkreading.com/cloud/internet-wide-z…
https://istio.io/latest/news/security/istio-secur…
https://github.com/junkurihara/rust-rpxy/issues/97
https://bugzilla.suse.com/show_bug.cgi?id=1216123
https://bugzilla.redhat.com/show_bug.cgi?id=2242803
https://ubuntu.com/security/CVE-2023-44487
https://community.traefik.io/t/is-traefik-vulnera…
https://github.com/advisories/GHSA-qppj-fm5r-hxr3
https://github.com/apache/httpd-site/pull/10
https://github.com/projectcontour/contour/pull/5826
https://github.com/linkerd/website/pull/1695/comm…
https://github.com/line/armeria/pull/5232
https://blog.litespeedtech.com/2023/10/11/rapid-r…
https://security.paloaltonetworks.com/CVE-2023-44487
https://github.com/akka/akka-http/issues/4323
https://github.com/openresty/openresty/issues/930
https://github.com/apache/apisix/issues/10320
https://github.com/Azure/AKS/issues/3947
https://github.com/Kong/kong/discussions/11741
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
https://www.netlify.com/blog/netlify-successfully…
https://github.com/caddyserver/caddy/releases/tag…
https://lists.debian.org/debian-lts-announce/2023…	mailing-list
http://www.openwall.com/lists/oss-security/2023/10/13/4	mailing-list
http://www.openwall.com/lists/oss-security/2023/10/13/9	mailing-list
https://arstechnica.com/security/2023/10/how-ddos…
https://lists.w3.org/Archives/Public/ietf-http-wg…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
https://lists.debian.org/debian-lts-announce/2023…	mailing-list
https://security.netapp.com/advisory/ntap-2023101…
https://lists.debian.org/debian-lts-announce/2023…	mailing-list
http://www.openwall.com/lists/oss-security/2023/10/18/4	mailing-list
http://www.openwall.com/lists/oss-security/2023/10/18/8	mailing-list
http://www.openwall.com/lists/oss-security/2023/10/19/6	mailing-list
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
http://www.openwall.com/lists/oss-security/2023/10/20/8	mailing-list
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.debian.org/debian-lts-announce/2023…	mailing-list
https://www.debian.org/security/2023/dsa-5540	vendor-advisory
https://lists.debian.org/debian-lts-announce/2023…	mailing-list
https://discuss.hashicorp.com/t/hcsec-2023-32-vau…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.debian.org/debian-lts-announce/2023…	mailing-list
https://www.debian.org/security/2023/dsa-5549	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://www.debian.org/security/2023/dsa-5558	vendor-advisory
https://lists.debian.org/debian-lts-announce/2023…	mailing-list
https://security.gentoo.org/glsa/202311-09	vendor-advisory
https://www.debian.org/security/2023/dsa-5570	vendor-advisory
https://security.netapp.com/advisory/ntap-2024042…
https://security.netapp.com/advisory/ntap-2024062…
https://security.netapp.com/advisory/ntap-2024062…
https://github.com/grpc/grpc/releases/tag/v1.59.2
https://sec.cloudapps.cisco.com/security/center/c…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ietf:http:2.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "http",
            "vendor": "ietf",
            "versions": [
              {
                "status": "affected",
                "version": "2.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-44487",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T20:34:21.334116Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-10-10",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:35.187Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-10-10T00:00:00.000Z",
            "value": "CVE-2023-44487 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:08:27.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=37831062"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/pull/30055"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/haproxy/haproxy/issues/2312"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/eclipse/jetty.project/issues/10679"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nghttp2/nghttp2/pull/1961"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/alibaba/tengine/issues/1872"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=37830987"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=37830998"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/caddyserver/caddy/issues/5877"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/bcdannyboy/CVE-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/grpc/grpc-go/pull/6703"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://my.f5.com/manage/s/article/K000137106"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/facebook/proxygen/pull/466"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/micrictor/http2-rst-stream"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/h2o/h2o/pull/3291"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nodejs/node/pull/50121"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/dotnet/announcements/issues/277"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/golang/go/issues/63417"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/apache/trafficserver/pull/10564"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/kubernetes/kubernetes/pull/121120"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=37837043"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/kazu-yamamoto/http2/issues/93"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
          },
          {
            "name": "DSA-5522",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5522"
          },
          {
            "name": "DSA-5521",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5521"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ninenines/cowboy/issues/1615"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.vespa.ai/cve-2023-44487/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/etcd-io/etcd/issues/16740"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/CVE-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/apache/httpd-site/pull/10"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/projectcontour/contour/pull/5826"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/line/armeria/pull/5232"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/akka/akka-http/issues/4323"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openresty/openresty/issues/930"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/apache/apisix/issues/10320"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/Azure/AKS/issues/3947"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/Kong/kong/discussions/11741"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
          },
          {
            "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
          },
          {
            "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
          },
          {
            "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
          },
          {
            "name": "FEDORA-2023-ed2642fd58",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
          },
          {
            "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
          },
          {
            "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
          },
          {
            "name": "[oss-security] 20231018 Vulnerability in Jenkins",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
          },
          {
            "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
          },
          {
            "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
          },
          {
            "name": "FEDORA-2023-54fadada12",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
          },
          {
            "name": "FEDORA-2023-5ff7bf1dd8",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
          },
          {
            "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
          },
          {
            "name": "FEDORA-2023-17efd3f2cd",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
          },
          {
            "name": "FEDORA-2023-d5030c983c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
          },
          {
            "name": "FEDORA-2023-0259c3f26f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
          },
          {
            "name": "FEDORA-2023-2a9214af5f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
          },
          {
            "name": "FEDORA-2023-e9c04d81c1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
          },
          {
            "name": "FEDORA-2023-f66fc0f62a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
          },
          {
            "name": "FEDORA-2023-4d2fd884ea",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
          },
          {
            "name": "FEDORA-2023-b2c50535cb",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
          },
          {
            "name": "FEDORA-2023-fe53e13b5b",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
          },
          {
            "name": "FEDORA-2023-4bf641255e",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
          },
          {
            "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
          },
          {
            "name": "DSA-5540",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5540"
          },
          {
            "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
          },
          {
            "name": "FEDORA-2023-1caffb88af",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
          },
          {
            "name": "FEDORA-2023-3f70b8d406",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
          },
          {
            "name": "FEDORA-2023-7b52921cae",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
          },
          {
            "name": "FEDORA-2023-7934802344",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
          },
          {
            "name": "FEDORA-2023-dbe64661af",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
          },
          {
            "name": "FEDORA-2023-822aab0a5a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
          },
          {
            "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
          },
          {
            "name": "DSA-5549",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5549"
          },
          {
            "name": "FEDORA-2023-c0c6a91330",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
          },
          {
            "name": "FEDORA-2023-492b7be466",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
          },
          {
            "name": "DSA-5558",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5558"
          },
          {
            "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
          },
          {
            "name": "GLSA-202311-09",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-09"
          },
          {
            "name": "DSA-5570",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5570"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/08/13/6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM APE1808",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SINEC NMS",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T10:52:23.784Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-832273.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-341067.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-07T20:05:34.376Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73"
        },
        {
          "url": "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/"
        },
        {
          "url": "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/"
        },
        {
          "url": "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack"
        },
        {
          "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
        },
        {
          "url": "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/"
        },
        {
          "url": "https://news.ycombinator.com/item?id=37831062"
        },
        {
          "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/"
        },
        {
          "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack"
        },
        {
          "url": "https://github.com/envoyproxy/envoy/pull/30055"
        },
        {
          "url": "https://github.com/haproxy/haproxy/issues/2312"
        },
        {
          "url": "https://github.com/eclipse/jetty.project/issues/10679"
        },
        {
          "url": "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764"
        },
        {
          "url": "https://github.com/nghttp2/nghttp2/pull/1961"
        },
        {
          "url": "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61"
        },
        {
          "url": "https://github.com/alibaba/tengine/issues/1872"
        },
        {
          "url": "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2"
        },
        {
          "url": "https://news.ycombinator.com/item?id=37830987"
        },
        {
          "url": "https://news.ycombinator.com/item?id=37830998"
        },
        {
          "url": "https://github.com/caddyserver/caddy/issues/5877"
        },
        {
          "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/"
        },
        {
          "url": "https://github.com/bcdannyboy/CVE-2023-44487"
        },
        {
          "url": "https://github.com/grpc/grpc-go/pull/6703"
        },
        {
          "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244"
        },
        {
          "url": "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0"
        },
        {
          "url": "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html"
        },
        {
          "url": "https://my.f5.com/manage/s/article/K000137106"
        },
        {
          "url": "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/"
        },
        {
          "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988"
        },
        {
          "url": "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9"
        },
        {
          "name": "[oss-security] 20231010 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/10/7"
        },
        {
          "name": "[oss-security] 20231010 CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/10/6"
        },
        {
          "url": "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected"
        },
        {
          "url": "https://github.com/microsoft/CBL-Mariner/pull/6381"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo"
        },
        {
          "url": "https://github.com/facebook/proxygen/pull/466"
        },
        {
          "url": "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088"
        },
        {
          "url": "https://github.com/micrictor/http2-rst-stream"
        },
        {
          "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve"
        },
        {
          "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/"
        },
        {
          "url": "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf"
        },
        {
          "url": "https://github.com/h2o/h2o/pull/3291"
        },
        {
          "url": "https://github.com/nodejs/node/pull/50121"
        },
        {
          "url": "https://github.com/dotnet/announcements/issues/277"
        },
        {
          "url": "https://github.com/golang/go/issues/63417"
        },
        {
          "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg"
        },
        {
          "url": "https://github.com/apache/trafficserver/pull/10564"
        },
        {
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487"
        },
        {
          "url": "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14"
        },
        {
          "url": "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2023/10/10/6"
        },
        {
          "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487"
        },
        {
          "url": "https://github.com/opensearch-project/data-prepper/issues/3474"
        },
        {
          "url": "https://github.com/kubernetes/kubernetes/pull/121120"
        },
        {
          "url": "https://github.com/oqtane/oqtane.framework/discussions/3367"
        },
        {
          "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p"
        },
        {
          "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html"
        },
        {
          "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
        },
        {
          "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/"
        },
        {
          "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack"
        },
        {
          "url": "https://news.ycombinator.com/item?id=37837043"
        },
        {
          "url": "https://github.com/kazu-yamamoto/http2/issues/93"
        },
        {
          "url": "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html"
        },
        {
          "url": "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1"
        },
        {
          "url": "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113"
        },
        {
          "name": "DSA-5522",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5522"
        },
        {
          "name": "DSA-5521",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5521"
        },
        {
          "url": "https://access.redhat.com/security/cve/cve-2023-44487"
        },
        {
          "url": "https://github.com/ninenines/cowboy/issues/1615"
        },
        {
          "url": "https://github.com/varnishcache/varnish-cache/issues/3996"
        },
        {
          "url": "https://github.com/tempesta-tech/tempesta/issues/1986"
        },
        {
          "url": "https://blog.vespa.ai/cve-2023-44487/"
        },
        {
          "url": "https://github.com/etcd-io/etcd/issues/16740"
        },
        {
          "url": "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event"
        },
        {
          "url": "https://istio.io/latest/news/security/istio-security-2023-004/"
        },
        {
          "url": "https://github.com/junkurihara/rust-rpxy/issues/97"
        },
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1216123"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
        },
        {
          "url": "https://ubuntu.com/security/CVE-2023-44487"
        },
        {
          "url": "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125"
        },
        {
          "url": "https://github.com/advisories/GHSA-qppj-fm5r-hxr3"
        },
        {
          "url": "https://github.com/apache/httpd-site/pull/10"
        },
        {
          "url": "https://github.com/projectcontour/contour/pull/5826"
        },
        {
          "url": "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632"
        },
        {
          "url": "https://github.com/line/armeria/pull/5232"
        },
        {
          "url": "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/"
        },
        {
          "url": "https://security.paloaltonetworks.com/CVE-2023-44487"
        },
        {
          "url": "https://github.com/akka/akka-http/issues/4323"
        },
        {
          "url": "https://github.com/openresty/openresty/issues/930"
        },
        {
          "url": "https://github.com/apache/apisix/issues/10320"
        },
        {
          "url": "https://github.com/Azure/AKS/issues/3947"
        },
        {
          "url": "https://github.com/Kong/kong/discussions/11741"
        },
        {
          "url": "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487"
        },
        {
          "url": "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/"
        },
        {
          "url": "https://github.com/caddyserver/caddy/releases/tag/v2.7.5"
        },
        {
          "name": "[debian-lts-announce] 20231013 [SECURITY] [DLA 3617-1] tomcat9 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html"
        },
        {
          "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/13/4"
        },
        {
          "name": "[oss-security] 20231013 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/13/9"
        },
        {
          "url": "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/"
        },
        {
          "url": "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html"
        },
        {
          "name": "FEDORA-2023-ed2642fd58",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/"
        },
        {
          "url": "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/"
        },
        {
          "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231016-0001/"
        },
        {
          "name": "[debian-lts-announce] 20231016 [SECURITY] [DLA 3617-2] tomcat9 regression update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html"
        },
        {
          "name": "[oss-security] 20231018 Vulnerability in Jenkins",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/18/4"
        },
        {
          "name": "[oss-security] 20231018 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/18/8"
        },
        {
          "name": "[oss-security] 20231019 CVE-2023-45802: Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/19/6"
        },
        {
          "name": "FEDORA-2023-54fadada12",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/"
        },
        {
          "name": "FEDORA-2023-5ff7bf1dd8",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/"
        },
        {
          "name": "[oss-security] 20231020 Re: CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/10/20/8"
        },
        {
          "name": "FEDORA-2023-17efd3f2cd",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/"
        },
        {
          "name": "FEDORA-2023-d5030c983c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/"
        },
        {
          "name": "FEDORA-2023-0259c3f26f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/"
        },
        {
          "name": "FEDORA-2023-2a9214af5f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/"
        },
        {
          "name": "FEDORA-2023-e9c04d81c1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/"
        },
        {
          "name": "FEDORA-2023-f66fc0f62a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/"
        },
        {
          "name": "FEDORA-2023-4d2fd884ea",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/"
        },
        {
          "name": "FEDORA-2023-b2c50535cb",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/"
        },
        {
          "name": "FEDORA-2023-fe53e13b5b",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/"
        },
        {
          "name": "FEDORA-2023-4bf641255e",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/"
        },
        {
          "name": "[debian-lts-announce] 20231030 [SECURITY] [DLA 3641-1] jetty9 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html"
        },
        {
          "name": "DSA-5540",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5540"
        },
        {
          "name": "[debian-lts-announce] 20231031 [SECURITY] [DLA 3638-1] h2o security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html"
        },
        {
          "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715"
        },
        {
          "name": "FEDORA-2023-1caffb88af",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/"
        },
        {
          "name": "FEDORA-2023-3f70b8d406",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/"
        },
        {
          "name": "FEDORA-2023-7b52921cae",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/"
        },
        {
          "name": "FEDORA-2023-7934802344",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/"
        },
        {
          "name": "FEDORA-2023-dbe64661af",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/"
        },
        {
          "name": "FEDORA-2023-822aab0a5a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/"
        },
        {
          "name": "[debian-lts-announce] 20231105 [SECURITY] [DLA 3645-1] trafficserver security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html"
        },
        {
          "name": "DSA-5549",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5549"
        },
        {
          "name": "FEDORA-2023-c0c6a91330",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/"
        },
        {
          "name": "FEDORA-2023-492b7be466",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/"
        },
        {
          "name": "DSA-5558",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5558"
        },
        {
          "name": "[debian-lts-announce] 20231119 [SECURITY] [DLA 3656-1] netty security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html"
        },
        {
          "name": "GLSA-202311-09",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202311-09"
        },
        {
          "name": "DSA-5570",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5570"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240426-0007/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0007/"
        },
        {
          "url": "https://github.com/grpc/grpc/releases/tag/v1.59.2"
        },
        {
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-44487",
    "datePublished": "2023-10-10T00:00:00.000Z",
    "dateReserved": "2023-09-29T00:00:00.000Z",
    "dateUpdated": "2026-05-12T10:52:23.784Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2023:6115

CVE-2023-29406 (GCVE-0-2023-29406)

CVE-2023-29409 (GCVE-0-2023-29409)

CVE-2023-39318 (GCVE-0-2023-39318)

CVE-2023-39319 (GCVE-0-2023-39319)

CVE-2023-39321 (GCVE-0-2023-39321)

CVE-2023-39322 (GCVE-0-2023-39322)

CVE-2023-39325 (GCVE-0-2023-39325)

CVE-2023-44487 (GCVE-0-2023-44487)

Tags

Sightings

Nomenclature