VAR-202103-1554
Vulnerability from variot - Updated: 2025-12-22 22:25Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Installation instructions are available from the Fuse 7.10.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/
- Solution:
For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:
https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html
For Red Hat OpenShift Logging 5.2, see the following instructions to apply this update:
https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html
- Bugs fixed (https://bugzilla.redhat.com/):
1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data 2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value
- JIRA issues fixed (https://issues.jboss.org/):
LOG-1775 - [release-5.2] Syslog output is serializing json incorrectly LOG-1824 - [release-5.2] Rejected by Elasticsearch and unexpected json-parsing LOG-1963 - [release-5.2] CLO panic: runtime error: slice bounds out of range [:-1] LOG-1970 - Applying cluster state is causing elasticsearch to hit an issue and become unusable
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update. Description:
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: EAP XP 2 security update to CVE fixes in the EAP 7.3.x base Advisory ID: RHSA-2021:2755-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2021:2755 Issue date: 2021-07-15 CVE Names: CVE-2020-13936 CVE-2020-15522 CVE-2020-28052 CVE-2021-3536 CVE-2021-20220 CVE-2021-20250 CVE-2021-21290 CVE-2021-21295 CVE-2021-21409 ==================================================================== 1. Summary:
This advisory resolves CVE issues filed against XP2 releases that have been fixed in the underlying EAP 7.3.x base. There are no changes to the EAP XP2 code base.
NOTE: This advisory is informational only. There are no code changes associated with it. No action is required.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
These are CVE issues filed against XP2 releases that have been fixed in the underlying EAP 7.3.x base, so no changes to the EAP XP2 code base.
Security Fix(es):
-
velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)
-
bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)
-
bouncycastle: Timing issue within the EC math library (CVE-2020-15522)
-
undertow: Possible regression in fix for CVE-2020-10687 (CVE-2021-20220)
-
wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client (CVE-2021-20250)
-
netty: Information disclosure via the local system temporary directory (CVE-2021-21290)
-
netty: possible request smuggling in HTTP/2 due missing validation (CVE-2021-21295)
-
netty: Request smuggling via content-length header (CVE-2021-21409)
-
wildfly: XSS via admin console when creating roles in domain mode (CVE-2021-3536)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
This advisory is informational only. There are no code changes associated with it. No action is required.
- Bugs fixed (https://bugzilla.redhat.com/):
1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible 1923133 - CVE-2021-20220 undertow: Possible regression in fix for CVE-2020-10687 1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory 1929479 - CVE-2021-20250 wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client 1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation 1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates 1944888 - CVE-2021-21409 netty: Request smuggling via content-length header 1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode 1962879 - CVE-2020-15522 bouncycastle: Timing issue within the EC math library
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-22122 - XP 2.0.0 respin (2.0.0-7.3.8.GA)
- References:
https://access.redhat.com/security/cve/CVE-2020-13936 https://access.redhat.com/security/cve/CVE-2020-15522 https://access.redhat.com/security/cve/CVE-2020-28052 https://access.redhat.com/security/cve/CVE-2021-3536 https://access.redhat.com/security/cve/CVE-2021-20220 https://access.redhat.com/security/cve/CVE-2021-20250 https://access.redhat.com/security/cve/CVE-2021-21290 https://access.redhat.com/security/cve/CVE-2021-21295 https://access.redhat.com/security/cve/CVE-2021-21409 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/articles/5975301
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYPBTitzjgjWX9erEAQjULQ//dqoecZtz+8zCi1Ol+lvRNTDUSiLzYCr8 Z0A3cH+s0WmMPNZiM2yZ/oykjD3ANDckf4KEBdh+ONtYGBXQKyW7VUBZVJxw6uk8 5mZMM/KlIOSPsL2LdYnnIC1OHw971Sq2hzwqWWKkMLPjOHyi1LcTfY4doFIBbRb/ njy+/dXVgZzUOJLb5Fk4/1PiXFKlTLc2+hNCpBkZGr4bgOaMChQIo/bp9xltMyQx o+Tj23ipS4FNsyLOWJ4LLAfhNMX8UycHZxbyferFmSvBH35cw+dzi7YIvh8m/WeP QIxa9ag1p0Tk9fFwLwP5OnCTCCh0ITixJanqTENUuJvjTZ0BqWICssWPpoqd4REt UvulVEQfNY34Gjs2ivYlBFuKiZoOTDQiQHtaUiAlTBln14ppRDyCyDNV9YdatPQZ NzNTEzvZbthKGdF8eW6epLWy6YFWUhXyF6SQRk20pyJZ4Aqr3MioCjnU1XjX4lks VUnDBkJiY6f+TLwosSQojdBle/g9QFubvA+wG/ZpGVyI5Z194fWRwjZGEBTtwYTY +KoVjP9iTu/y2N0nj6Mtj9tAAUiwuR4QA7qDA7fG8BsL36lQCRIDSMKd3/xOS0f9 S1GtgSkLjWYcCUkGGRdmFwkVQc7GSMYV7Ysy+wOJYPsrSNcgbRhUZW4EdErPbH5t O9QuLVofSBU=j6f5 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Relevant releases/architectures:
7Client-AMQ-Clients-2 - noarch, x86_64 7ComputeNode-AMQ-Clients-2 - noarch, x86_64 7Server-AMQ-Clients-2 - noarch, x86_64 7Workstation-AMQ-Clients-2 - noarch, x86_64 8Base-AMQ-Clients-2 - noarch, x86_64
- Description:
Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.4.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.0 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Solution:
Before applying this update, ensure all previously released errata relevant to your system have been applied.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-18401 - Tracker bug for the EAP 7.4.1 release for RHEL-7 JBEAP-21231 - (7.4.x) Upgrade jgroups-kubernetes to 1.0.16.Final JBEAP-21257 - (7.4.z) Upgrade Infinispan from 11.0.9.Final to 11.0.11.Final JBEAP-21258 - (7.4.z) ISPN-12807 - Simple cache does not update eviction statistics JBEAP-21261 - (7.4.z) Upgrade to wildfly-http-client to 1.1.7.Final JBEAP-21263 - GSS Upgrade yasson from 1.0.5 to 1.0.9 JBEAP-21270 - [GSS] (7.4.z) Upgrade undertow from 2.2.5.Final to 2.2.8.SP1 JBEAP-21276 - GSS Non Transactional Cache needs to be invalidated after commit on JPQL update/delete operation JBEAP-21277 - GSS Upgrade Hibernate ORM from 5.3.20.Final-redhat-00001 to 5.3.20.SP1-redhat-00001 JBEAP-21281 - (7.4.z) Upgrade xalan from 2.7.1.redhat-12 to 2.7.1.redhat-13 JBEAP-21300 - (7.4.x) Upgrade velocity from 2.2.0.redhat-00001 to 2.3.0.redhat-00001 JBEAP-21309 - (7.4.z) Upgrade artemis-wildfly-integration from 1.0.2 to 1.0.4 JBEAP-21313 - GSS Upgrade Ironjacamar from 1.4.27.Final to 1.4.33.Final JBEAP-21472 - (7.4.z) Upgrade Elytron from 1.15.3.Final-redhat-00001 to 1.15.5.Final-redhat-00001 JBEAP-21569 - GSS Upgrade HAL from 3.3.2.Final-redhat-00001 to 3.3.7.Final-redhat-00001 JBEAP-21777 - (7.4.z) Upgrade jberet from 1.3.7.Final-redhat-00001 to 1.3.8.Final-redhat-00001 JBEAP-21781 - GSS WFCORE-5185 - Update ProviderDefinition to use optimised service loading API JBEAP-21818 - (7.4.z) Upgrade elytron-web from 1.6.2.Final-redhat-00001 to 1.9.1.Final JBEAP-21961 - (7.4.z) Upgrade remoting from 5.0.20.SP1-redhat-00001 to 5.0.23.Final-redhat-00001 JBEAP-21978 - (7.4.z) Upgrade WildFly Core from 15.0.2.Final-redhat-00001 to 15.0.3.Final-redhat-00001 JBEAP-22009 - GSS HAL-1753 - The Locations table is not updated after changing the profile in breadcrumb navigation JBEAP-22084 - GSS Upgrade PicketBox from 5.0.3.Final-redhat-00007 to 5.0.3.Final-redhat-00008 JBEAP-22088 - (7.4.z) Upgrade wildfly-transaction-client from 1.1.13.Final-redhat-00001 to 1.1.14.Final-redhat-00001 JBEAP-22160 - (7.4.z) Upgrade jakarta.el from 3.0.3.redhat-00002 to 3.0.3.redhat-00006 JBEAP-22209 - (7.4.z) Upgrade commons-io from 2.5 to 2.10.0 JBEAP-22318 - (7.4.z) Upgrade WildFly Core from 15.0.3.Final-redhat-00001 to 15.0.4.Final-redhat-00001 JBEAP-22319 - (7.4.z) Upgrade undertow from 2.2.9.Final-redhat-00001 to 2.2.9.SP1-redhat-00001
- Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
8
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1554",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coherence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "nosql database",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "21.1.12"
},
{
"model": "helidon",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.4.10"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.11"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.6.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "communications design studio",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "7.4.2.0.0"
},
{
"model": "quarkus",
"scope": "lte",
"trust": 1.0,
"vendor": "quarkus",
"version": "1.13.7"
},
{
"model": "communications messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.1"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12.0"
},
{
"model": "communications cloud native core console",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.7.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "banking credit facilities process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.10"
},
{
"model": "communications brm - elastic charging engine",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0.0.3"
},
{
"model": "netty",
"scope": "lt",
"trust": 1.0,
"vendor": "netty",
"version": "4.1.61"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "banking trade finance process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.2.0"
},
{
"model": "primavera gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.11"
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8.0"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "helidon",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.4.0"
},
{
"model": "oncommand api services",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "primavera gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12.0"
},
{
"model": "banking trade finance process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "communications cloud native core policy",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.14.0"
},
{
"model": "coherence",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.1.1.0.0"
},
{
"model": "banking corporate lending process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.3.0"
},
{
"model": "banking trade finance process management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.5.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21409"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "165294"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "164566"
},
{
"db": "PACKETSTORM",
"id": "163713"
},
{
"db": "PACKETSTORM",
"id": "163517"
},
{
"db": "PACKETSTORM",
"id": "162490"
},
{
"db": "PACKETSTORM",
"id": "164276"
},
{
"db": "PACKETSTORM",
"id": "164275"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1685"
}
],
"trust": 1.4
},
"cve": "CVE-2021-21409",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-21409",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-379190",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2021-21409",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-21409",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "security-advisories@github.com",
"id": "CVE-2021-21409",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-1685",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-379190",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-21409",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379190"
},
{
"db": "VULMON",
"id": "CVE-2021-21409"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1685"
},
{
"db": "NVD",
"id": "CVE-2021-21409"
},
{
"db": "NVD",
"id": "CVE-2021-21409"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final. The purpose of this text-only errata is to inform you about the\nsecurity issues fixed in this release. \n\nInstallation instructions are available from the Fuse 7.10.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/\n\n4. Solution:\n\nFor OpenShift Container Platform 4.8 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.2, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn\u0027t allow setting size restrictions for decompressed data\n2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn\u0027t restrict chunk length and may buffer skippable chunks in an unnecessary way\n2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-1775 - [release-5.2] Syslog output is serializing json incorrectly\nLOG-1824 - [release-5.2] Rejected by Elasticsearch and unexpected json-parsing\nLOG-1963 - [release-5.2] CLO panic: runtime error: slice bounds out of range [:-1]\nLOG-1970 - Applying cluster state is causing elasticsearch to hit an issue and become unusable\n\n6. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: EAP XP 2 security update to CVE fixes in the EAP 7.3.x base\nAdvisory ID: RHSA-2021:2755-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:2755\nIssue date: 2021-07-15\nCVE Names: CVE-2020-13936 CVE-2020-15522 CVE-2020-28052\n CVE-2021-3536 CVE-2021-20220 CVE-2021-20250\n CVE-2021-21290 CVE-2021-21295 CVE-2021-21409\n====================================================================\n1. Summary:\n\nThis advisory resolves CVE issues filed against XP2 releases that have been\nfixed in the underlying EAP 7.3.x base. There are no changes to the EAP XP2\ncode base. \n\nNOTE: This advisory is informational only. There are no code changes\nassociated with it. No action is required. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Description:\n\nThese are CVE issues filed against XP2 releases that have been fixed in the\nunderlying EAP 7.3.x base, so no changes to the EAP XP2 code base. \n\nSecurity Fix(es):\n\n* velocity: arbitrary code execution when attacker is able to modify\ntemplates (CVE-2020-13936)\n\n* bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility\npossible (CVE-2020-28052)\n\n* bouncycastle: Timing issue within the EC math library (CVE-2020-15522)\n\n* undertow: Possible regression in fix for CVE-2020-10687 (CVE-2021-20220)\n\n* wildfly: Information disclosure due to publicly accessible privileged\nactions in JBoss EJB Client (CVE-2021-20250)\n\n* netty: Information disclosure via the local system temporary directory\n(CVE-2021-21290)\n\n* netty: possible request smuggling in HTTP/2 due missing validation\n(CVE-2021-21295)\n\n* netty: Request smuggling via content-length header (CVE-2021-21409)\n\n* wildfly: XSS via admin console when creating roles in domain mode\n(CVE-2021-3536)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nThis advisory is informational only. There are no code changes associated\nwith it. No action is required. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1912881 - CVE-2020-28052 bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible\n1923133 - CVE-2021-20220 undertow: Possible regression in fix for CVE-2020-10687\n1927028 - CVE-2021-21290 netty: Information disclosure via the local system temporary directory\n1929479 - CVE-2021-20250 wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client\n1937364 - CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation\n1937440 - CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates\n1944888 - CVE-2021-21409 netty: Request smuggling via content-length header\n1948001 - CVE-2021-3536 wildfly: XSS via admin console when creating roles in domain mode\n1962879 - CVE-2020-15522 bouncycastle: Timing issue within the EC math library\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-22122 - XP 2.0.0 respin (2.0.0-7.3.8.GA)\n\n6. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-13936\nhttps://access.redhat.com/security/cve/CVE-2020-15522\nhttps://access.redhat.com/security/cve/CVE-2020-28052\nhttps://access.redhat.com/security/cve/CVE-2021-3536\nhttps://access.redhat.com/security/cve/CVE-2021-20220\nhttps://access.redhat.com/security/cve/CVE-2021-20250\nhttps://access.redhat.com/security/cve/CVE-2021-21290\nhttps://access.redhat.com/security/cve/CVE-2021-21295\nhttps://access.redhat.com/security/cve/CVE-2021-21409\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/\nhttps://access.redhat.com/articles/5975301\n\n7. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYPBTitzjgjWX9erEAQjULQ//dqoecZtz+8zCi1Ol+lvRNTDUSiLzYCr8\nZ0A3cH+s0WmMPNZiM2yZ/oykjD3ANDckf4KEBdh+ONtYGBXQKyW7VUBZVJxw6uk8\n5mZMM/KlIOSPsL2LdYnnIC1OHw971Sq2hzwqWWKkMLPjOHyi1LcTfY4doFIBbRb/\nnjy+/dXVgZzUOJLb5Fk4/1PiXFKlTLc2+hNCpBkZGr4bgOaMChQIo/bp9xltMyQx\no+Tj23ipS4FNsyLOWJ4LLAfhNMX8UycHZxbyferFmSvBH35cw+dzi7YIvh8m/WeP\nQIxa9ag1p0Tk9fFwLwP5OnCTCCh0ITixJanqTENUuJvjTZ0BqWICssWPpoqd4REt\nUvulVEQfNY34Gjs2ivYlBFuKiZoOTDQiQHtaUiAlTBln14ppRDyCyDNV9YdatPQZ\nNzNTEzvZbthKGdF8eW6epLWy6YFWUhXyF6SQRk20pyJZ4Aqr3MioCjnU1XjX4lks\nVUnDBkJiY6f+TLwosSQojdBle/g9QFubvA+wG/ZpGVyI5Z194fWRwjZGEBTtwYTY\n+KoVjP9iTu/y2N0nj6Mtj9tAAUiwuR4QA7qDA7fG8BsL36lQCRIDSMKd3/xOS0f9\nS1GtgSkLjWYcCUkGGRdmFwkVQc7GSMYV7Ysy+wOJYPsrSNcgbRhUZW4EdErPbH5t\nO9QuLVofSBU=j6f5\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Relevant releases/architectures:\n\n7Client-AMQ-Clients-2 - noarch, x86_64\n7ComputeNode-AMQ-Clients-2 - noarch, x86_64\n7Server-AMQ-Clients-2 - noarch, x86_64\n7Workstation-AMQ-Clients-2 - noarch, x86_64\n8Base-AMQ-Clients-2 - noarch, x86_64\n\n3. Description:\n\nRed Hat AMQ Clients enable connecting, sending, and receiving messages over\nthe AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.4.1 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.4.0\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.4.1 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. Solution:\n\nBefore applying this update, ensure all previously released errata relevant\nto your system have been applied. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-18401 - Tracker bug for the EAP 7.4.1 release for RHEL-7\nJBEAP-21231 - (7.4.x) Upgrade jgroups-kubernetes to 1.0.16.Final\nJBEAP-21257 - (7.4.z) Upgrade Infinispan from 11.0.9.Final to 11.0.11.Final\nJBEAP-21258 - (7.4.z) ISPN-12807 - Simple cache does not update eviction statistics\nJBEAP-21261 - (7.4.z) Upgrade to wildfly-http-client to 1.1.7.Final\nJBEAP-21263 - [GSS](7.4.z) Upgrade yasson from 1.0.5 to 1.0.9\nJBEAP-21270 - [GSS] (7.4.z) Upgrade undertow from 2.2.5.Final to 2.2.8.SP1\nJBEAP-21276 - [GSS](7.4.z) Non Transactional Cache needs to be invalidated after commit on JPQL update/delete operation\nJBEAP-21277 - [GSS](7.4.z) Upgrade Hibernate ORM from 5.3.20.Final-redhat-00001 to 5.3.20.SP1-redhat-00001\nJBEAP-21281 - (7.4.z) Upgrade xalan from 2.7.1.redhat-12 to 2.7.1.redhat-13\nJBEAP-21300 - (7.4.x) Upgrade velocity from 2.2.0.redhat-00001 to 2.3.0.redhat-00001\nJBEAP-21309 - (7.4.z) Upgrade artemis-wildfly-integration from 1.0.2 to 1.0.4\nJBEAP-21313 - [GSS](7.4.z) Upgrade Ironjacamar from 1.4.27.Final to 1.4.33.Final\nJBEAP-21472 - (7.4.z) Upgrade Elytron from 1.15.3.Final-redhat-00001 to 1.15.5.Final-redhat-00001\nJBEAP-21569 - [GSS](7.4.z) Upgrade HAL from 3.3.2.Final-redhat-00001 to 3.3.7.Final-redhat-00001\nJBEAP-21777 - (7.4.z) Upgrade jberet from 1.3.7.Final-redhat-00001 to 1.3.8.Final-redhat-00001\nJBEAP-21781 - [GSS](7.4.z) WFCORE-5185 - Update ProviderDefinition to use optimised service loading API\nJBEAP-21818 - (7.4.z) Upgrade elytron-web from 1.6.2.Final-redhat-00001 to 1.9.1.Final\nJBEAP-21961 - (7.4.z) Upgrade remoting from 5.0.20.SP1-redhat-00001 to 5.0.23.Final-redhat-00001\nJBEAP-21978 - (7.4.z) Upgrade WildFly Core from 15.0.2.Final-redhat-00001 to 15.0.3.Final-redhat-00001\nJBEAP-22009 - [GSS](7.4.z) HAL-1753 - The Locations table is not updated after changing the profile in breadcrumb navigation\nJBEAP-22084 - [GSS](7.4.z) Upgrade PicketBox from 5.0.3.Final-redhat-00007 to 5.0.3.Final-redhat-00008\nJBEAP-22088 - (7.4.z) Upgrade wildfly-transaction-client from 1.1.13.Final-redhat-00001 to 1.1.14.Final-redhat-00001\nJBEAP-22160 - (7.4.z) Upgrade jakarta.el from 3.0.3.redhat-00002 to 3.0.3.redhat-00006\nJBEAP-22209 - (7.4.z) Upgrade commons-io from 2.5 to 2.10.0\nJBEAP-22318 - (7.4.z) Upgrade WildFly Core from 15.0.3.Final-redhat-00001 to 15.0.4.Final-redhat-00001\nJBEAP-22319 - (7.4.z) Upgrade undertow from 2.2.9.Final-redhat-00001 to 2.2.9.SP1-redhat-00001\n\n7. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21409"
},
{
"db": "VULHUB",
"id": "VHN-379190"
},
{
"db": "VULMON",
"id": "CVE-2021-21409"
},
{
"db": "PACKETSTORM",
"id": "165294"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "164566"
},
{
"db": "PACKETSTORM",
"id": "163713"
},
{
"db": "PACKETSTORM",
"id": "163517"
},
{
"db": "PACKETSTORM",
"id": "162490"
},
{
"db": "PACKETSTORM",
"id": "164276"
},
{
"db": "PACKETSTORM",
"id": "164275"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-21409",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "162490",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163517",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "163489",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167709",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163423",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "162839",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1685",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164566",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "163713",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.0872",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2572",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0887",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4253",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3256",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3282",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2357",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2363",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2323",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4229",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1821",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1144",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2896",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3495",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3208",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.2416",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.1571",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163922",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164279",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164346",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021081922",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071513",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021072145",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042257",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021093016",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021050706",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022030322",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012740",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021061815",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012306",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021071219",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "163483",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163477",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163485",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163480",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-379190",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-21409",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165294",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "165287",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164276",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164275",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379190"
},
{
"db": "VULMON",
"id": "CVE-2021-21409"
},
{
"db": "PACKETSTORM",
"id": "165294"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "164566"
},
{
"db": "PACKETSTORM",
"id": "163713"
},
{
"db": "PACKETSTORM",
"id": "163517"
},
{
"db": "PACKETSTORM",
"id": "162490"
},
{
"db": "PACKETSTORM",
"id": "164276"
},
{
"db": "PACKETSTORM",
"id": "164275"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1685"
},
{
"db": "NVD",
"id": "CVE-2021-21409"
}
]
},
"id": "VAR-202103-1554",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-379190"
}
],
"trust": 0.01
},
"last_update_date": "2025-12-22T22:25:35.567000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Netty Remediation measures for environmental problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146083"
},
{
"title": "Debian CVElist Bug Report Logs: netty: CVE-2021-21409",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=23e6ecb2c9e3ae264a6a904e00c922b4"
},
{
"title": "Red Hat: CVE-2021-21409",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-21409"
},
{
"title": "Debian Security Advisories: DSA-4885-1 netty -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=b857eb63eda3549d92d4cef6b191afe6"
},
{
"title": "Red Hat: Moderate: Satellite 6.11 Release",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20225498 - Security Advisory"
},
{
"title": "CVE-2021-21409",
"trust": 0.1,
"url": "https://github.com/AlAIAL90/CVE-2021-21409 "
},
{
"title": "test.md",
"trust": 0.1,
"url": "https://github.com/AwesomeAlpha/test.md "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-21409"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1685"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-444",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379190"
},
{
"db": "NVD",
"id": "CVE-2021-21409"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.8,
"url": "https://github.com/netty/netty/security/advisories/ghsa-f256-j965-7f32"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"trust": 1.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-21295"
},
{
"trust": 1.8,
"url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
},
{
"trust": 1.8,
"url": "https://github.com/netty/netty/security/advisories/ghsa-wm47-8v5p-wjpj"
},
{
"trust": 1.8,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.5,
"url": "https://access.redhat.com/security/cve/cve-2021-21409"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21409"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3cissues.kudu.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3cissues.kudu.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3cjira.kafka.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3cissues.kudu.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3cdev.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3cissues.kudu.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3cissues.kudu.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3cissues.flink.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3cissues.flink.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898@%3cdev.flink.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5@%3cissues.flink.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa@%3cjira.kafka.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc@%3cissues.kudu.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3@%3cissues.kudu.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb@%3cissues.kudu.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b@%3cissues.kudu.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d@%3cissues.kudu.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3ccommits.pulsar.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2@%3ccommits.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362@%3cdev.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae@%3cissues.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4@%3cnotifications.zookeeper.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2021-21295"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21295"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-netty-2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2416"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163517/red-hat-security-advisory-2021-2755-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021072145"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1571"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3282"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/netty-information-disclosure-via-http2headerframe-request-smuggling-35007"
},
{
"trust": 0.6,
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022030322"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021050706"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-affects-ibm-spectrum-scale-transparent-cloud-tier-cve-2021-21409/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6518930"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-netty-shipped-with-ibm-tivoli-netcool-omnibus-transport-module-common-integration-library-cve-2021-21290-cve-2021-21295-cve-2021/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0872"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042257"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164346/red-hat-security-advisory-2021-3700-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163713/red-hat-security-advisory-2021-2965-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021093016"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-netty-vulnerability-affects-ibm-watson-machine-learning-on-cp4d-cve-2021-21409/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2357"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4253"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012306"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1144"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071513"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164566/red-hat-security-advisory-2021-3880-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012740"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163489/red-hat-security-advisory-2021-2694-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3208"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.1821"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2363"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3495"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167709/red-hat-security-advisory-2022-5498-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2323"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3256"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163922/red-hat-security-advisory-2021-3225-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164279/red-hat-security-advisory-2021-3660-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/163423/red-hat-security-advisory-2021-2465-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021081922"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021061815"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4229"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6528214"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2572"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.2896"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021071219"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162839/red-hat-security-advisory-2021-2139-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/162490/red-hat-security-advisory-2021-1511-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0887"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-3536"
},
{
"trust": 0.5,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21290"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-21290"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3536"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3690"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-28170"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3597"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-29425"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3642"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3642"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13936"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13936"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-009"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28491"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-37136"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-44228"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-15522"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15522"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-37137"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28491"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3644"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3644"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3597"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-29425"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3690"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-28170"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2021-21409"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986217"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-37714"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35510"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21341"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21342"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28169"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2875"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28164"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21348"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21344"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-12415"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11988"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-9488"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30129"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2875"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-30468"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21350"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21349"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12415"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28163"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10744"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26217"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26259"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21344"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11987"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.10.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-34428"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2934"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27223"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21346"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-26259"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11987"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26217"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10744"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35510"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-2934"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21351"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21347"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13949"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21341"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-9488"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21342"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23926"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27223"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-27782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5134"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27568"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11988"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13949"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-21343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21343"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22118"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3200"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-27645"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33574"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-5827"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43527"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14145"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-35942"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24370"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3572"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36086"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13751"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22898"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-12762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16135"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17594"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3800"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36087"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3712"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-31535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19603"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22925"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20266"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-22876"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20231"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36332"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-20838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-17541"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-25014"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36085"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20317"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33560"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-43267"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3481"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-42574"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14155"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25009"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-25010"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35523"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-28153"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36331"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-13750"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3426"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-18218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3580"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17595"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:5127"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35521"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/2.2/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20289"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26291"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26291"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=redhat.quarkus\u0026downloadtype=distributions\u0026version=2.2.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3880"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/4966181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20289"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=securitypatches\u0026version=7.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2965"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20220"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2755"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20250"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20250"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20220"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/5975301"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28052"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28052"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_amq/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1511"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3658"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3656"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379190"
},
{
"db": "VULMON",
"id": "CVE-2021-21409"
},
{
"db": "PACKETSTORM",
"id": "165294"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "164566"
},
{
"db": "PACKETSTORM",
"id": "163713"
},
{
"db": "PACKETSTORM",
"id": "163517"
},
{
"db": "PACKETSTORM",
"id": "162490"
},
{
"db": "PACKETSTORM",
"id": "164276"
},
{
"db": "PACKETSTORM",
"id": "164275"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1685"
},
{
"db": "NVD",
"id": "CVE-2021-21409"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-379190"
},
{
"db": "VULMON",
"id": "CVE-2021-21409"
},
{
"db": "PACKETSTORM",
"id": "165294"
},
{
"db": "PACKETSTORM",
"id": "165287"
},
{
"db": "PACKETSTORM",
"id": "164566"
},
{
"db": "PACKETSTORM",
"id": "163713"
},
{
"db": "PACKETSTORM",
"id": "163517"
},
{
"db": "PACKETSTORM",
"id": "162490"
},
{
"db": "PACKETSTORM",
"id": "164276"
},
{
"db": "PACKETSTORM",
"id": "164275"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-1685"
},
{
"db": "NVD",
"id": "CVE-2021-21409"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-30T00:00:00",
"db": "VULHUB",
"id": "VHN-379190"
},
{
"date": "2021-03-30T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21409"
},
{
"date": "2021-12-15T15:25:47",
"db": "PACKETSTORM",
"id": "165294"
},
{
"date": "2021-12-15T15:20:43",
"db": "PACKETSTORM",
"id": "165287"
},
{
"date": "2021-10-20T15:48:42",
"db": "PACKETSTORM",
"id": "164566"
},
{
"date": "2021-07-30T14:23:26",
"db": "PACKETSTORM",
"id": "163713"
},
{
"date": "2021-07-15T19:31:43",
"db": "PACKETSTORM",
"id": "163517"
},
{
"date": "2021-05-06T15:02:38",
"db": "PACKETSTORM",
"id": "162490"
},
{
"date": "2021-09-24T15:39:43",
"db": "PACKETSTORM",
"id": "164276"
},
{
"date": "2021-09-24T15:39:14",
"db": "PACKETSTORM",
"id": "164275"
},
{
"date": "2021-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1685"
},
{
"date": "2021-03-30T15:15:14.573000",
"db": "NVD",
"id": "CVE-2021-21409"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-379190"
},
{
"date": "2022-05-12T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21409"
},
{
"date": "2022-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-1685"
},
{
"date": "2024-11-21T05:48:17.963000",
"db": "NVD",
"id": "CVE-2021-21409"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1685"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netty Environmental problem loophole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1685"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "environmental issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-1685"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…