Vulnerability-Lookup

RHSA-2024:8677

Vulnerability from csaf_redhat - Published: 2024-10-30 18:18 - Updated: 2026-05-30 03:10

Summary

Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.6 security update

Severity

Important

Notes

Topic: An update is now available for Red Hat OpenShift GitOps v1.12.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Errata Advisory for Red Hat OpenShift GitOps v1.12.6. Security Fix(es): * openshift-gitops-argocd-container: openshift-gitops-argocd-container: Denial of Service Vulnerability in body-parser [gitops-1.12](CVE-2024-45590) * openshift-gitops-console-plugin-container: follow-redirects: Possible credential leak [gitops-1.12](CVE-2024-28849) * openshift-gitops-dex-container: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON [gitops-1.12](CVE-2024-24786) * openshift-gitops-argocd-container: go-retryablehttp: url might write sensitive information to log file [gitops-1.12](CVE-2024-6104) * openshift-gitops-argocd-container: Improper Sanitization in serve-static [gitops-1.12](CVE-2024-43800) * openshift-gitops-argocd-container: Improper Input Handling in Express Redirects [gitops-1.12](CVE-2024-43796) * openshift-gitops-argocd-container: Code Execution Vulnerability in Send Library [gitops-1.12](CVE-2024-43799) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2024-6104

A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information.

6.0 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE-532 - Insertion of Sensitive Information into Log File

Affected products

Fixed 35 products

Product	Version	Remediation
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-24786

A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Fixed 35 products

Product	Version	Remediation
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-28849

A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 35 products

Product	Version	Remediation
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64	—	Vendor Fix fix
Unresolved product id: 9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64	—	Vendor Fix fix

Threats

Impact Moderate

CVE-2024-43796

A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.

5.0 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 35 products

Product	Version	Remediation
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-43799

A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.

5.0 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 35 products

Product	Version	Remediation
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-43800

A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().

5.0 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 35 products

Product	Version	Remediation
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2024-45590

A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-405 - Asymmetric Resource Consumption (Amplification)

Affected products

Fixed 35 products

Product	Version	Remediation
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64	—	Vendor Fix fix Workaround

Threats

Impact Important

References

45 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:8677	self
https://access.redhat.com/security/updates/classi…	external
https://issues.redhat.com/browse/GITOPS-4234	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-6104	self
https://bugzilla.redhat.com/show_bug.cgi?id=2294000	external
https://www.cve.org/CVERecord?id=CVE-2024-6104	external
https://nvd.nist.gov/vuln/detail/CVE-2024-6104	external
https://access.redhat.com/security/cve/CVE-2024-24786	self
https://bugzilla.redhat.com/show_bug.cgi?id=2268046	external
https://www.cve.org/CVERecord?id=CVE-2024-24786	external
https://nvd.nist.gov/vuln/detail/CVE-2024-24786	external
https://go.dev/cl/569356	external
https://groups.google.com/g/golang-announce/c/ArQ…	external
https://pkg.go.dev/vuln/GO-2024-2611	external
https://access.redhat.com/security/cve/CVE-2024-28849	self
https://bugzilla.redhat.com/show_bug.cgi?id=2269576	external
https://www.cve.org/CVERecord?id=CVE-2024-28849	external
https://nvd.nist.gov/vuln/detail/CVE-2024-28849	external
https://github.com/follow-redirects/follow-redire…	external
https://access.redhat.com/security/cve/CVE-2024-43796	self
https://bugzilla.redhat.com/show_bug.cgi?id=2311152	external
https://www.cve.org/CVERecord?id=CVE-2024-43796	external
https://nvd.nist.gov/vuln/detail/CVE-2024-43796	external
https://github.com/expressjs/express/commit/54271…	external
https://github.com/expressjs/express/security/adv…	external
https://access.redhat.com/security/cve/CVE-2024-43799	self
https://bugzilla.redhat.com/show_bug.cgi?id=2311153	external
https://www.cve.org/CVERecord?id=CVE-2024-43799	external
https://nvd.nist.gov/vuln/detail/CVE-2024-43799	external
https://github.com/pillarjs/send/commit/ae4f29894…	external
https://github.com/pillarjs/send/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2024-43800	self
https://bugzilla.redhat.com/show_bug.cgi?id=2311154	external
https://www.cve.org/CVERecord?id=CVE-2024-43800	external
https://nvd.nist.gov/vuln/detail/CVE-2024-43800	external
https://github.com/expressjs/serve-static/commit/…	external
https://github.com/expressjs/serve-static/commit/…	external
https://github.com/expressjs/serve-static/securit…	external
https://access.redhat.com/security/cve/CVE-2024-45590	self
https://bugzilla.redhat.com/show_bug.cgi?id=2311171	external
https://www.cve.org/CVERecord?id=CVE-2024-45590	external
https://nvd.nist.gov/vuln/detail/CVE-2024-45590	external
https://github.com/expressjs/body-parser/commit/b…	external
https://github.com/expressjs/body-parser/security…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for Red Hat OpenShift GitOps v1.12.6. Red Hat\nProduct Security has rated this update as having a security impact of Important.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Errata Advisory for Red Hat OpenShift GitOps v1.12.6.\n\nSecurity Fix(es):\n\n* openshift-gitops-argocd-container: openshift-gitops-argocd-container: Denial of Service Vulnerability in body-parser [gitops-1.12](CVE-2024-45590) \n* openshift-gitops-console-plugin-container: follow-redirects: Possible credential leak [gitops-1.12](CVE-2024-28849)\n* openshift-gitops-dex-container: golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON [gitops-1.12](CVE-2024-24786)\n* openshift-gitops-argocd-container: go-retryablehttp: url might write sensitive information to log file [gitops-1.12](CVE-2024-6104)\n* openshift-gitops-argocd-container: Improper Sanitization in serve-static [gitops-1.12](CVE-2024-43800)\n* openshift-gitops-argocd-container: Improper Input Handling in Express Redirects [gitops-1.12](CVE-2024-43796)\n* openshift-gitops-argocd-container: Code Execution Vulnerability in Send Library [gitops-1.12](CVE-2024-43799)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:8677",
        "url": "https://access.redhat.com/errata/RHSA-2024:8677"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "GITOPS-4234",
        "url": "https://issues.redhat.com/browse/GITOPS-4234"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8677.json"
      }
    ],
    "title": "Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.6 security update",
    "tracking": {
      "current_release_date": "2026-05-30T03:10:33+00:00",
      "generator": {
        "date": "2026-05-30T03:10:33+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2024:8677",
      "initial_release_date": "2024-10-30T18:18:28+00:00",
      "revision_history": [
        {
          "date": "2024-10-30T18:18:28+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-10-30T18:18:28+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-30T03:10:33+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift GitOps 1.12",
                "product": {
                  "name": "Red Hat OpenShift GitOps 1.12",
                  "product_id": "8Base-GitOps-1.12",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_gitops:1.12::el8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat OpenShift GitOps 1.12",
                "product": {
                  "name": "Red Hat OpenShift GitOps 1.12",
                  "product_id": "9Base-GitOps-1.12",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_gitops:1.12::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift GitOps"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
                  "product_id": "openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
                  "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
                  "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
                  "product_id": "openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
                  "product_id": "openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
                  "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
                  "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
                  "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.12.6-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
                "product": {
                  "name": "openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
                  "product_id": "openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64",
                "product": {
                  "name": "openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64",
                  "product_id": "openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel9\u0026tag=v1.12.6-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
                "product": {
                  "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
                  "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
                "product": {
                  "name": "openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
                  "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
                  "product_id": "openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
                "product": {
                  "name": "openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
                  "product_id": "openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
                "product": {
                  "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
                  "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
                "product": {
                  "name": "openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
                  "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
                  "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.12.6-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
                "product": {
                  "name": "openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
                  "product_id": "openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
                "product": {
                  "name": "openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
                  "product_id": "openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel9\u0026tag=v1.12.6-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
                "product": {
                  "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
                  "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
                "product": {
                  "name": "openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
                  "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
                  "product_id": "openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
                "product": {
                  "name": "openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
                  "product_id": "openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
                "product": {
                  "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
                  "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
                "product": {
                  "name": "openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
                  "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
                "product": {
                  "name": "openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
                  "product_id": "openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
                  "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.12.6-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
                "product": {
                  "name": "openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
                  "product_id": "openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
                "product": {
                  "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
                  "product_id": "openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
                "product": {
                  "name": "openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
                  "product_id": "openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
                  "product_id": "openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
                "product": {
                  "name": "openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
                  "product_id": "openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
                "product": {
                  "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
                  "product_id": "openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/kam-delivery-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
                "product": {
                  "name": "openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
                  "product_id": "openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=v1.12.6-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
                "product": {
                  "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
                  "product_id": "openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=v1.12.6-2"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x"
        },
        "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le"
        },
        "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64 as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64"
        },
        "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64 as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64"
        },
        "product_reference": "openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x"
        },
        "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64 as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64"
        },
        "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le"
        },
        "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64 as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64"
        },
        "product_reference": "openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le"
        },
        "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64 as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64"
        },
        "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64 as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64"
        },
        "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x"
        },
        "product_reference": "openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64 as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64"
        },
        "product_reference": "openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64 as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64"
        },
        "product_reference": "openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le"
        },
        "product_reference": "openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x"
        },
        "product_reference": "openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64 as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64"
        },
        "product_reference": "openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64 as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64 as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64 as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64 as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64"
        },
        "product_reference": "openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x"
        },
        "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64 as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64"
        },
        "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le"
        },
        "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64 as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64"
        },
        "product_reference": "openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le"
        },
        "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x"
        },
        "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64 as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64"
        },
        "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64 as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64"
        },
        "product_reference": "openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
        "relates_to_product_reference": "8Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64 as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64"
        },
        "product_reference": "openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
        "relates_to_product_reference": "9Base-GitOps-1.12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64 as a component of Red Hat OpenShift GitOps 1.12",
          "product_id": "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
        },
        "product_reference": "openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64",
        "relates_to_product_reference": "9Base-GitOps-1.12"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-6104",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "discovery_date": "2024-06-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2294000"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "go-retryablehttp: url might write sensitive information to log file",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
          "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
          "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-6104"
        },
        {
          "category": "external",
          "summary": "RHBZ#2294000",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294000"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6104",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6104"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6104",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6104"
        }
      ],
      "release_date": "2024-06-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T18:18:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8677"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "go-retryablehttp: url might write sensitive information to log file"
    },
    {
      "cve": "CVE-2024-24786",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2024-03-06T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2268046"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
          "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
          "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-24786"
        },
        {
          "category": "external",
          "summary": "RHBZ#2268046",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/569356",
          "url": "https://go.dev/cl/569356"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/",
          "url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2024-2611",
          "url": "https://pkg.go.dev/vuln/GO-2024-2611"
        }
      ],
      "release_date": "2024-03-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T18:18:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8677"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON"
    },
    {
      "cve": "CVE-2024-28849",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2024-03-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2269576"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the follow-redirects package. While processing the cross-domain redirection, `follow-redirects` clears authorization headers, however, it misses clearing proxy-authentication headers, which contain credentials as well. This issue may lead to credential leaking, having a high impact on data confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "follow-redirects: Possible credential leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
          "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
          "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-28849"
        },
        {
          "category": "external",
          "summary": "RHBZ#2269576",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269576"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-28849",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28849"
        },
        {
          "category": "external",
          "summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp",
          "url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp"
        }
      ],
      "release_date": "2024-03-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T18:18:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8677"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "follow-redirects: Possible credential leak"
    },
    {
      "cve": "CVE-2024-43796",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2024-09-10T15:30:28.106254+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2311152"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "express: Improper Input Handling in Express Redirects",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
          "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
          "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-43796"
        },
        {
          "category": "external",
          "summary": "RHBZ#2311152",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-43796",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796"
        },
        {
          "category": "external",
          "summary": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553",
          "url": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553"
        },
        {
          "category": "external",
          "summary": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx",
          "url": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx"
        }
      ],
      "release_date": "2024-09-10T15:15:17.510000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T18:18:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8677"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "express: Improper Input Handling in Express Redirects"
    },
    {
      "cve": "CVE-2024-43799",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2024-09-10T15:30:30.869487+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2311153"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "send: Code Execution Vulnerability in Send Library",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
          "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
          "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-43799"
        },
        {
          "category": "external",
          "summary": "RHBZ#2311153",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-43799",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799"
        },
        {
          "category": "external",
          "summary": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35",
          "url": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35"
        },
        {
          "category": "external",
          "summary": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg",
          "url": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg"
        }
      ],
      "release_date": "2024-09-10T15:15:17.727000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T18:18:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8677"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "send: Code Execution Vulnerability in Send Library"
    },
    {
      "cve": "CVE-2024-43800",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2024-09-10T15:30:33.631718+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2311154"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "serve-static: Improper Sanitization in serve-static",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "rhdh-hub-container 1.2 and 1.3 have included patches for this vulnerability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
          "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
          "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-43800"
        },
        {
          "category": "external",
          "summary": "RHBZ#2311154",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-43800",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800"
        },
        {
          "category": "external",
          "summary": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b",
          "url": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b"
        },
        {
          "category": "external",
          "summary": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa",
          "url": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa"
        },
        {
          "category": "external",
          "summary": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p",
          "url": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p"
        }
      ],
      "release_date": "2024-09-10T15:15:17.937000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T18:18:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8677"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "serve-static: Improper Sanitization in serve-static"
    },
    {
      "cve": "CVE-2024-45590",
      "cwe": {
        "id": "CWE-405",
        "name": "Asymmetric Resource Consumption (Amplification)"
      },
      "discovery_date": "2024-09-10T16:20:29.292154+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2311171"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "body-parser: Denial of Service Vulnerability in body-parser",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
          "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
          "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
          "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-45590"
        },
        {
          "category": "external",
          "summary": "RHBZ#2311171",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45590",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590"
        },
        {
          "category": "external",
          "summary": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
          "url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
        },
        {
          "category": "external",
          "summary": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
          "url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
        }
      ],
      "release_date": "2024-09-10T16:15:21.083000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-10-30T18:18:28+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:8677"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:30de68a0ecca94c6cbf06d0f7bbd91651bc3733a6ee496b58cdcc5c6d1b7fe84_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:42d01565f1c8b85e5dc480b34aea52fdce15a7071c65102b73bc45864f30217c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:600239219d6abc36e239c4378f1a5ae6360bfe6367c5bbbacaf713d4194cb066_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/argo-rollouts-rhel8@sha256:8405b9602109392ae984137d143f91b8f2b7550d5fca16902b1b38ad62117072_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:3b4a0a076a0954e4bf45898872a4db41a45d6f4223b097931fb3458c72e0e287_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:b5ecdbfb2000470a8efa46e6cb62c850db7c4acebd46b11d7c791c98b445ca44_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:df9455d9cb06511fd94a7335fd256d31a16cfdefc7af1431b0693de53811eb61_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/argocd-rhel8@sha256:ef1882372a4a0c12604c544aa09ebc0fb6697f2108accd74f423e8a42a9a849a_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:49299450da07c7d63cd34104182634b267903ce4c86a9598fc1da72073ef885c_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:b7e59715fc4ddc0d6cc70ec0eb14660fa25d1a10d784fa7d39e26ea657d90ca2_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e4fac9da180ce7fcb2cd24d7c5ed54847fdca24c783e6866a4917307a791a92a_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/console-plugin-rhel8@sha256:e7e12eab0e329bbc4ba85ae71508c667e13a6f707806ab938e78bb4d05377377_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:278f783a708bf4f0984c525d8faac82642519322e0ed74c4facc10db42578a85_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:383d9b606fe190b15b570949c34ce8109bfced4274e9f1edd339266bdc4cad96_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:b41b9d088cb71cbf9a57c8fd63a52462ffa9dbd0ac1cb6358c688a45035ca3c5_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/dex-rhel8@sha256:c49f49e26ba3c155f3e78e1444d4fa400415d5517bad654eed1a59437311fe40_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-operator-bundle@sha256:80198f65f7e3f9022a34e0342e9423807b855dcb7bda810172eebc9a27afb5c2_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:1da6cc56730caf7dce6039bff116137023ef6fd28a7a9ead31f3aa44da336461_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:6f1b7e9b88c56ac34029eb18148828485b88abbc291a0f36095d585792fa5b9b_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:70d1de694942fae82528179affc9408abfa835c5c14a438b13953f7300267d66_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8-operator@sha256:7419af667f37858951d00f889d7972f07a2bbce506371369b2bbc3d85afbe568_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:7135ff9064edcdc78f941ee6440f611bbee2cdd9fcdcab304eb12d4be043e8ef_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:c4935ae04342535d4ff8f1e7d4b63b3a7b9d675a4a65852784ebc680229c0b8e_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d2d712ddc8daeb9293080848ccbc4e368bbb8732caabaebdba61839a6f34cb85_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/gitops-rhel8@sha256:d9faecc2318952cab075b57006c862fe8cbcc869efb18d45aa29a08fc24e7479_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:1b0572536b919548af38ad77f348b341f1a8052812528ab309ac9c4e623655cb_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:8ab3edc2f56d6b195ac31865c21dbad4834c08d2aa5f7d111cfc0f57c3f0ce76_arm64",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:9a91b3b11c52ff74cf47fe1ab3f21d0f9c0ccfe2b1d8a0e42e383286c3a185e2_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/kam-delivery-rhel8@sha256:edf99302ddb3cb16d27f575929b5a59b22f50ff605eceaa6e29f1be72b02bc5c_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:6f13f8c8e710641972c410c0400e64447fb529fb4038a85d59a00d0893448e73_ppc64le",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:b3887fd6109bc55507b134e9ebd596a89d42413ccb5b863f328c60bd1b668afd_s390x",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:f0eaf113b4a3aec59bd5144af00d807391c33e410e56e05175c0685fd672305b_amd64",
            "8Base-GitOps-1.12:openshift-gitops-1/must-gather-rhel8@sha256:fbd2311d841e9ce89c63c8959c4ba296075fa33ed0a75d3e169d6e7d0162f226_arm64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:3dfa640a19aaaa00062e1b13347f28f070447cf4e41445f3bcc520537be43ba6_amd64",
            "9Base-GitOps-1.12:openshift-gitops-1/argocd-rhel9@sha256:620040787b5e670a227bf57cc25166c931cfe0cfbf6352ac56cacfbd97eca142_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "body-parser: Denial of Service Vulnerability in body-parser"
    }
  ]
}

CVE-2024-24786 (GCVE-0-2024-24786)

Vulnerability from cvelistv5 – Published: 2024-03-05 22:22 – Updated: 2025-02-13 17:40

Title

Infinite loop in JSON unmarshaling in google.golang.org/protobuf

Summary

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Assigner

References

5 references

URL	Tags
https://go.dev/cl/569356
https://pkg.go.dev/vuln/GO-2024-2611
https://lists.fedoraproject.org/archives/list/pac…
http://www.openwall.com/lists/oss-security/2024/03/08/4
https://security.netapp.com/advisory/ntap-2024051…

Impacted products

2 products

Vendor	Product	Version
google.golang.org/protobuf	google.golang.org/protobuf/encoding/protojson	Affected: 0 , < 1.33.0 (semver)
google.golang.org/protobuf	google.golang.org/protobuf/internal/encoding/json	Affected: 0 , < 1.33.0 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "go",
            "vendor": "golang",
            "versions": [
              {
                "lessThan": "1.33.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-24786",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T16:22:27.828054Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T16:23:32.865Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:28:12.790Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/569356"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2024-2611"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240517-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "google.golang.org/protobuf/encoding/protojson",
          "product": "google.golang.org/protobuf/encoding/protojson",
          "programRoutines": [
            {
              "name": "UnmarshalOptions.unmarshal"
            },
            {
              "name": "Unmarshal"
            },
            {
              "name": "UnmarshalOptions.Unmarshal"
            }
          ],
          "vendor": "google.golang.org/protobuf",
          "versions": [
            {
              "lessThan": "1.33.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "google.golang.org/protobuf/internal/encoding/json",
          "product": "google.golang.org/protobuf/internal/encoding/json",
          "programRoutines": [
            {
              "name": "Decoder.Read"
            },
            {
              "name": "Decoder.Peek"
            }
          ],
          "vendor": "google.golang.org/protobuf",
          "versions": [
            {
              "lessThan": "1.33.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T17:12:44.017Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/569356"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2024-2611"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240517-0002/"
        }
      ],
      "title": "Infinite loop in JSON unmarshaling in google.golang.org/protobuf"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2024-24786",
    "datePublished": "2024-03-05T22:22:35.299Z",
    "dateReserved": "2024-01-30T16:05:14.757Z",
    "dateUpdated": "2025-02-13T17:40:25.868Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-28849 (GCVE-0-2024-28849)

Vulnerability from cvelistv5 – Published: 2024-03-14 17:07 – Updated: 2025-02-13 17:47

Title

Proxy-Authorization header kept across hosts in follow-redirects

Summary

follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials too. This vulnerability may lead to credentials leak, but has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

GitHub_M

References

6 references

URL	Tags
https://github.com/follow-redirects/follow-redire…	x_refsource_CONFIRM
https://github.com/psf/requests/issues/1885	x_refsource_MISC
https://github.com/follow-redirects/follow-redire…	x_refsource_MISC
https://hackerone.com/reports/2390009	x_refsource_MISC
https://fetch.spec.whatwg.org/#authentication-entries	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…

Impacted products

1 product

Vendor	Product	Version
follow-redirects	follow-redirects	Affected: < 1.15.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:56:58.148Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp"
          },
          {
            "name": "https://github.com/psf/requests/issues/1885",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/psf/requests/issues/1885"
          },
          {
            "name": "https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b"
          },
          {
            "name": "https://hackerone.com/reports/2390009",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/2390009"
          },
          {
            "name": "https://fetch.spec.whatwg.org/#authentication-entries",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://fetch.spec.whatwg.org/#authentication-entries"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOIF4EPQUCKDBEVTGRQDZ3CGTYQHPO7Z/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:follow-redirects_project:follow-redirects:*:*:*:*:*:node.js:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "follow-redirects",
            "vendor": "follow-redirects_project",
            "versions": [
              {
                "lessThan": "1.15.6",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28849",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-02T19:45:25.235625Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:46:22.123Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "follow-redirects",
          "vendor": "follow-redirects",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.15.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "follow-redirects is an open source, drop-in replacement for Node\u0027s `http` and `https` modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials too. This vulnerability may lead to credentials leak, but has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-23T03:06:02.341Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp"
        },
        {
          "name": "https://github.com/psf/requests/issues/1885",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/psf/requests/issues/1885"
        },
        {
          "name": "https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b"
        },
        {
          "name": "https://hackerone.com/reports/2390009",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/2390009"
        },
        {
          "name": "https://fetch.spec.whatwg.org/#authentication-entries",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://fetch.spec.whatwg.org/#authentication-entries"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOIF4EPQUCKDBEVTGRQDZ3CGTYQHPO7Z/"
        }
      ],
      "source": {
        "advisory": "GHSA-cxjh-pqwp-8mfp",
        "discovery": "UNKNOWN"
      },
      "title": "Proxy-Authorization header kept across hosts in follow-redirects"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-28849",
    "datePublished": "2024-03-14T17:07:27.338Z",
    "dateReserved": "2024-03-11T22:45:07.685Z",
    "dateUpdated": "2025-02-13T17:47:32.862Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43796 (GCVE-0-2024-43796)

Vulnerability from cvelistv5 – Published: 2024-09-10 14:36 – Updated: 2024-09-10 15:58

Title

express vulnerable to XSS via response.redirect()

Summary

Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0.

Severity

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/expressjs/express/security/adv…	x_refsource_CONFIRM
https://github.com/expressjs/express/commit/54271…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
expressjs	express	Affected: < 4.20.0 Affected: >= 5.0.0-alpha.1, < 5.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43796",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:58:36.256748Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T15:58:45.956Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "express",
          "vendor": "expressjs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.20.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0-alpha.1, \u003c 5.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Express.js minimalist web framework for node. In express \u003c 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect() may execute untrusted code. This issue is patched in express 4.20.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T14:36:27.380Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx"
        },
        {
          "name": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553"
        }
      ],
      "source": {
        "advisory": "GHSA-qw6h-vgh9-j6wx",
        "discovery": "UNKNOWN"
      },
      "title": "express vulnerable to XSS via response.redirect()"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-43796",
    "datePublished": "2024-09-10T14:36:27.380Z",
    "dateReserved": "2024-08-16T14:20:37.325Z",
    "dateUpdated": "2024-09-10T15:58:45.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-43799 (GCVE-0-2024-43799)

Vulnerability from cvelistv5 – Published: 2024-09-10 14:45 – Updated: 2025-11-03 19:30

Title

send vulnerable to template injection that can lead to XSS

Summary

Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0.

Severity

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/pillarjs/send/security/advisor…	x_refsource_CONFIRM
https://github.com/pillarjs/send/commit/ae4f29894…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
pillarjs	send	Affected: < 0.19.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43799",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T19:34:08.487499Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T19:34:18.557Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:30:41.760Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "send",
          "vendor": "pillarjs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.19.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect() which executes untrusted code. This issue is patched in send 0.19.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T14:45:06.761Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg"
        },
        {
          "name": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35"
        }
      ],
      "source": {
        "advisory": "GHSA-m6fv-jmcg-4jfg",
        "discovery": "UNKNOWN"
      },
      "title": "send vulnerable to template injection that can lead to XSS"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-43799",
    "datePublished": "2024-09-10T14:45:06.761Z",
    "dateReserved": "2024-08-16T14:20:37.326Z",
    "dateUpdated": "2025-11-03T19:30:41.760Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-43800 (GCVE-0-2024-43800)

Vulnerability from cvelistv5 – Published: 2024-09-10 14:50 – Updated: 2024-09-10 19:08

Title

serve-static affected by template injection that can lead to XSS

Summary

serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0.

Severity

5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/expressjs/serve-static/securit…	x_refsource_CONFIRM
https://github.com/expressjs/serve-static/commit/…	x_refsource_MISC
https://github.com/expressjs/serve-static/commit/…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
expressjs	serve-static	Affected: < 1.16.0 Affected: >= 2.0.0, < 2.1.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43800",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T19:07:51.583443Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T19:08:02.494Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "serve-static",
          "vendor": "expressjs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.16.0"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "serve-static serves static files. serve-static passes untrusted user input - even after sanitizing it - to redirect() may execute untrusted code. This issue is patched in serve-static 1.16.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T14:50:06.043Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p"
        },
        {
          "name": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b"
        },
        {
          "name": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa"
        }
      ],
      "source": {
        "advisory": "GHSA-cm22-4g7w-348p",
        "discovery": "UNKNOWN"
      },
      "title": "serve-static affected by template injection that can lead to XSS"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-43800",
    "datePublished": "2024-09-10T14:50:06.043Z",
    "dateReserved": "2024-08-16T14:20:37.326Z",
    "dateUpdated": "2024-09-10T19:08:02.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45590 (GCVE-0-2024-45590)

Vulnerability from cvelistv5 – Published: 2024-09-10 15:54 – Updated: 2024-09-10 18:47

Title

body-parser vulnerable to denial of service when url encoding is enabled

Summary

body-parser is Node.js body parsing middleware. body-parser <1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-405 - Asymmetric Resource Consumption (Amplification)

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/expressjs/body-parser/security…	x_refsource_CONFIRM
https://github.com/expressjs/body-parser/commit/b…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
expressjs	body-parser	Affected: < 1.20.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:expressjs:body-parser:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "body-parser",
            "vendor": "expressjs",
            "versions": [
              {
                "lessThan": "1.20.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45590",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T18:42:41.773305Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T18:47:22.965Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "body-parser",
          "vendor": "expressjs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.20.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "body-parser is Node.js body parsing middleware. body-parser \u003c1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in 1.20.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-405",
              "description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T15:54:02.330Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
        },
        {
          "name": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
        }
      ],
      "source": {
        "advisory": "GHSA-qwcr-r2fm-qrc7",
        "discovery": "UNKNOWN"
      },
      "title": "body-parser vulnerable to denial of service when url encoding is enabled"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-45590",
    "datePublished": "2024-09-10T15:54:02.330Z",
    "dateReserved": "2024-09-02T16:00:02.422Z",
    "dateUpdated": "2024-09-10T18:47:22.965Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6104 (GCVE-0-2024-6104)

Vulnerability from cvelistv5 – Published: 2024-06-24 17:06 – Updated: 2024-08-01 21:33

Title

go-retryablehttp can leak basic auth credentials to log files

Summary

go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.

Severity

6 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-532 - Insertion of Sensitive Information into Log File

Assigner

HashiCorp

References

1 reference

URL	Tags
https://discuss.hashicorp.com/c/security

Impacted products

1 product

Vendor	Product	Version
HashiCorp	Shared library	Affected: 0 , < 0.7.7 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6104",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-24T19:19:22.878144Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-24T19:19:28.773Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:33:04.395Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://discuss.hashicorp.com/c/security"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "64 bit",
            "32 bit",
            "x86",
            "ARM",
            "MacOS",
            "Windows",
            "Linux"
          ],
          "product": "Shared library",
          "repo": "https://github.com/hashicorp/go-retryablehttp",
          "vendor": "HashiCorp",
          "versions": [
            {
              "lessThan": "0.7.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ego-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.\u003c/p\u003e\u003cbr/\u003e"
            }
          ],
          "value": "go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-118",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-118: Collect and Analyze Information"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-532",
              "description": "CWE-532: Insertion of Sensitive Information into Log File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-24T17:06:21.150Z",
        "orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
        "shortName": "HashiCorp"
      },
      "references": [
        {
          "url": "https://discuss.hashicorp.com/c/security"
        }
      ],
      "source": {
        "advisory": "HCSEC-2024-12",
        "discovery": "EXTERNAL"
      },
      "title": "go-retryablehttp can leak basic auth credentials to log files"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc",
    "assignerShortName": "HashiCorp",
    "cveId": "CVE-2024-6104",
    "datePublished": "2024-06-24T17:06:21.150Z",
    "dateReserved": "2024-06-17T22:19:58.680Z",
    "dateUpdated": "2024-08-01T21:33:04.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2024:8677

CVE-2024-24786 (GCVE-0-2024-24786)

CVE-2024-28849 (GCVE-0-2024-28849)

CVE-2024-43796 (GCVE-0-2024-43796)

CVE-2024-43799 (GCVE-0-2024-43799)

CVE-2024-43800 (GCVE-0-2024-43800)

CVE-2024-45590 (GCVE-0-2024-45590)

CVE-2024-6104 (GCVE-0-2024-6104)

Tags

Sightings

Nomenclature