Action not permitted
Modal body text goes here.
CVE-2022-24790
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:20:50.515Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5" }, { "name": "DSA-5146", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5146" }, { "name": "GLSA-202208-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202208-28" }, { "name": "[debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html" }, { "name": "FEDORA-2022-de968d1b6c", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/" }, { "name": "FEDORA-2022-52d0032596", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/" }, { "name": "FEDORA-2022-7c8b29195f", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "puma", "vendor": "puma", "versions": [ { "status": "affected", "version": "\u003c 4.3.12" }, { "status": "affected", "version": "\u003e= 5.0.0, \u003c 5.6.4" } ] } ], "descriptions": [ { "lang": "en", "value": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-12T19:06:40", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5" }, { "name": "DSA-5146", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5146" }, { "name": "GLSA-202208-28", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202208-28" }, { "name": "[debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html" }, { "name": "FEDORA-2022-de968d1b6c", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/" }, { "name": "FEDORA-2022-52d0032596", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/" }, { "name": "FEDORA-2022-7c8b29195f", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/" } ], "source": { "advisory": "GHSA-h99w-9q5r-gjq9", "discovery": "UNKNOWN" }, "title": "HTTP Request Smuggling in puma", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24790", "STATE": "PUBLIC", "TITLE": "HTTP Request Smuggling in puma" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "puma", "version": { "version_data": [ { "version_value": "\u003c 4.3.12" }, { "version_value": "\u003e= 5.0.0, \u003c 5.6.4" } ] } } ] }, "vendor_name": "puma" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9", "refsource": "CONFIRM", "url": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9" }, { "name": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5", "refsource": "MISC", "url": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5" }, { "name": "DSA-5146", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5146" }, { "name": "GLSA-202208-28", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-28" }, { "name": "[debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html" }, { "name": "FEDORA-2022-de968d1b6c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/" }, { "name": "FEDORA-2022-52d0032596", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/" }, { "name": "FEDORA-2022-7c8b29195f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/" } ] }, "source": { "advisory": "GHSA-h99w-9q5r-gjq9", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24790", "datePublished": "2022-03-30T21:50:09", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-03T04:20:50.515Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-24790\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-03-30T22:15:08.500\",\"lastModified\":\"2024-11-21T06:51:06.130\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.\"},{\"lang\":\"es\",\"value\":\"Puma es un servidor HTTP versi\u00f3n 1.1 simple, r\u00e1pido, multihilo y paralelo para aplicaciones Ruby/Rack. Cuando es usado Puma detr\u00e1s de un proxy que no comprueba apropiadamente que la petici\u00f3n HTTP entrante coincide con el est\u00e1ndar RFC7230, Puma y el proxy del frontend pueden no estar de acuerdo en d\u00f3nde empieza y termina una petici\u00f3n. Esto permitir\u00eda contrabandear peticiones por medio del proxy del front-end a Puma. La vulnerabilidad ha sido corregida en versiones 5.6.4 y 4.3.12. Se recomienda a usuarios actualizar lo antes posible. Mitigaci\u00f3n: cuando despliegue un proxy frente a Puma, habilite todas las funciones para asegurarse de que la petici\u00f3n se ajusta al est\u00e1ndar RFC7230\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*\",\"versionEndExcluding\":\"4.3.12\",\"matchCriteriaId\":\"345E03BE-2C86-4772-AA09-236D912EC708\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.6.4\",\"matchCriteriaId\":\"C0FF1252-8D38-4832-B0B0-CAEDB2E13F0B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]}],\"references\":[{\"url\":\"https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.gentoo.org/glsa/202208-28\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5146\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202208-28\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5146\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
wid-sec-w-2022-2109
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Red Hat Satellite dient als zentrale Stelle f\u00fcr das Management, die Verteilung von Updates in Netzwerken mit Red Hat Enterprise Linux Systemen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Satellite ausnutzen, um Sicherheitsvorkehrungen zu umgehen.", "title": "Angriff" }, { "category": "general", "text": "- UNIX\n- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2022-2109 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2109.json" }, { "category": "self", "summary": "WID-SEC-2022-2109 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2109" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:1486 vom 2023-03-28", "url": "https://access.redhat.com/errata/RHSA-2023:1486" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2022:8532 vom 2022-11-17", "url": "https://access.redhat.com/errata/RHSA-2022:8532" } ], "source_lang": "en-US", "title": "Red Hat Satellite: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen", "tracking": { "current_release_date": "2023-03-27T22:00:00.000+00:00", "generator": { "date": "2024-08-15T17:38:35.243+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2022-2109", "initial_release_date": "2022-11-17T23:00:00.000+00:00", "revision_history": [ { "date": "2022-11-17T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-03-27T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "category": "product_name", "name": "Red Hat Satellite Async \u003c 6.9.10", "product": { "name": "Red Hat Satellite Async \u003c 6.9.10", "product_id": "T025367", "product_identification_helper": { "cpe": "cpe:/a:redhat:satellite:async__6.9.10" } } } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-24790", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Red Hat Satellite. Der Fehler besteht in der Komponente \"puma\" aufgrund eines HTTP-Request-Schmuggels. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2022-11-17T23:00:00.000+00:00", "title": "CVE-2022-24790" } ] }
ghsa-h99w-9q5r-gjq9
Vulnerability from github
When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma.
The following vulnerabilities are addressed by this advisory:
- Lenient parsing of Transfer-Encoding
headers, when unsupported encodings should be rejected and the final encoding must be chunked
.
- Lenient parsing of malformed Content-Length
headers and chunk sizes, when only digits and hex digits should be allowed.
- Lenient parsing of duplicate Content-Length
headers, when they should be rejected.
- Lenient parsing of the ending of chunked segments, when they should end with \r\n
.
The vulnerability has been fixed in 5.6.4 and 4.3.12. When deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.
These proxy servers are known to have "good" behavior re: this standard and upgrading Puma may not be necessary. Users are encouraged to validate for themselves.
- Nginx (latest)
- Apache (latest)
- Haproxy 2.5+
- Caddy (latest)
- Traefik (latest)
{ "affected": [ { "package": { "ecosystem": "RubyGems", "name": "puma" }, "ranges": [ { "events": [ { "introduced": "5.0.0" }, { "fixed": "5.6.4" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "RubyGems", "name": "puma" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "4.3.12" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2022-24790" ], "database_specific": { "cwe_ids": [ "CWE-444" ], "github_reviewed": true, "github_reviewed_at": "2022-03-30T21:48:50Z", "nvd_published_at": "2022-03-30T22:15:00Z", "severity": "CRITICAL" }, "details": "When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma.\n\nThe following vulnerabilities are addressed by this advisory:\n- Lenient parsing of `Transfer-Encoding` headers, when unsupported encodings should be rejected and the final encoding must be `chunked`.\n- Lenient parsing of malformed `Content-Length` headers and chunk sizes, when only digits and hex digits should be allowed.\n- Lenient parsing of duplicate `Content-Length` headers, when they should be rejected.\n- Lenient parsing of the ending of chunked segments, when they should end with `\\r\\n`.\n\nThe vulnerability has been fixed in 5.6.4 and 4.3.12. When deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard. \n\nThese proxy servers are known to have \"good\" behavior re: this standard and upgrading Puma may not be necessary. Users are encouraged to validate for themselves.\n\n- Nginx (latest)\n- Apache (latest)\n- Haproxy 2.5+\n- Caddy (latest)\n- Traefik (latest)", "id": "GHSA-h99w-9q5r-gjq9", "modified": "2022-08-16T19:37:40Z", "published": "2022-03-30T21:48:50Z", "references": [ { "type": "WEB", "url": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24790" }, { "type": "WEB", "url": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5" }, { "type": "PACKAGE", "url": "https://github.com/puma/puma" }, { "type": "WEB", "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2022-24790.yml" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB" }, { "type": "WEB", "url": "https://portswigger.net/web-security/request-smuggling" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/202208-28" }, { "type": "WEB", "url": "https://www.debian.org/security/2022/dsa-5146" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "type": "CVSS_V3" } ], "summary": "Puma vulnerable to HTTP Request Smuggling" }
rhsa-2023_1486
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat Gluster Storage 3.5 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nDjango is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don\u0027t Repeat Yourself) principle.\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nSecurity Fix(es):\n\n* puma-5.6.4: http request smuggling vulnerabilities (CVE-2022-24790)\n\n* rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123)\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* rubygem-tzinfo: arbitrary code execution (CVE-2022-31163)\n\n* rubygem-rack: crafted multipart POST request may cause a DoS (CVE-2022-30122)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:1486", "url": "https://access.redhat.com/errata/RHSA-2023:1486" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2071616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071616" }, { "category": "external", "summary": "2099519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099519" }, { "category": "external", "summary": "2099524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099524" }, { "category": "external", "summary": "2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "2110551", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110551" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_1486.json" } ], "title": "Red Hat Security Advisory: Red Hat Gluster Storage web-admin-build security update", "tracking": { "current_release_date": "2024-12-12T04:14:14+00:00", "generator": { "date": "2024-12-12T04:14:14+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2023:1486", "initial_release_date": "2023-03-28T00:18:32+00:00", "revision_history": [ { "date": "2023-03-28T00:18:32+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-03-28T00:18:32+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-12T04:14:14+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Gluster 3.5 Web Administration on RHEL-7", "product": { "name": "Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration", "product_identification_helper": { "cpe": "cpe:/a:redhat:storage:3.5:wa:el7" } } } ], "category": "product_family", "name": "Red Hat Gluster Storage" }, { "branches": [ { "category": "product_version", "name": "grafana-0:5.2.4-6.el7rhgs.src", "product": { "name": "grafana-0:5.2.4-6.el7rhgs.src", "product_id": "grafana-0:5.2.4-6.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana@5.2.4-6.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "python-django-0:1.11.27-4.el7rhgs.src", "product": { "name": "python-django-0:1.11.27-4.el7rhgs.src", "product_id": "python-django-0:1.11.27-4.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-django@1.11.27-4.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "ruby-0:2.4.9-94.el7rhgs.src", "product": { "name": "ruby-0:2.4.9-94.el7rhgs.src", "product_id": "ruby-0:2.4.9-94.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby@2.4.9-94.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "product": { "name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "product_id": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-activemodel@5.2.0-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "product": { "name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "product_id": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-activesupport@5.2.0-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "product": { "name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "product_id": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-bcrypt@3.1.12-2.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "product": { "name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "product_id": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-concurrent-ruby@1.1.9-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-i18n-0:1.9.1-1.el7rhgs.src", "product": { "name": "rubygem-i18n-0:1.9.1-1.el7rhgs.src", "product_id": "rubygem-i18n-0:1.9.1-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-i18n@1.9.1-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "product": { "name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "product_id": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-mustermann@1.0.3-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "product": { "name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "product_id": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-nio4r@2.3.1-2.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-puma-0:4.3.12-1.el7rhgs.src", "product": { "name": "rubygem-puma-0:4.3.12-1.el7rhgs.src", "product_id": "rubygem-puma-0:4.3.12-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-puma@4.3.12-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-rack-0:2.2.4-1.el7rhgs.src", "product": { "name": "rubygem-rack-0:2.2.4-1.el7rhgs.src", "product_id": "rubygem-rack-0:2.2.4-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rack@2.2.4-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "product": { "name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "product_id": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rack-protection@2.2.0-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "product": { "name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "product_id": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-sinatra@2.2.0-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "product": { "name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "product_id": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-thread_safe@0.3.6-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-tilt-0:2.0.11-1.el7rhgs.src", "product": { "name": "rubygem-tilt-0:2.0.11-1.el7rhgs.src", "product_id": "rubygem-tilt-0:2.0.11-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-tilt@2.0.11-1.el7rhgs?arch=src" } } }, { "category": "product_version", "name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "product": { "name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "product_id": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.10-1.el7rhgs?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "grafana-0:5.2.4-6.el7rhgs.x86_64", "product": { "name": "grafana-0:5.2.4-6.el7rhgs.x86_64", "product_id": "grafana-0:5.2.4-6.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/grafana@5.2.4-6.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "ruby-0:2.4.9-94.el7rhgs.x86_64", "product": { "name": "ruby-0:2.4.9-94.el7rhgs.x86_64", "product_id": "ruby-0:2.4.9-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby@2.4.9-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "product": { "name": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "product_id": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby-devel@2.4.9-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "product": { "name": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "product_id": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby-libs@2.4.9-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "product": { "name": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "product_id": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-bigdecimal@1.3.2-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "product": { "name": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "product_id": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-did_you_mean@1.1.0-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "product": { "name": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "product_id": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-io-console@0.4.6-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "product": { "name": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "product_id": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-json@2.0.4-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "product": { "name": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "product_id": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-net-telnet@0.1.1-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "product": { "name": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "product_id": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-openssl@2.0.9-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "product": { "name": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "product_id": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-psych@2.2.2-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "product": { "name": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "product_id": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby-debuginfo@2.4.9-94.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "product": { "name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "product_id": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-bcrypt@3.1.12-2.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "product": { "name": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "product_id": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-bcrypt-debuginfo@3.1.12-2.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "product": { "name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "product_id": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-nio4r@2.3.1-2.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "product": { "name": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "product_id": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-nio4r-debuginfo@2.3.1-2.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "product": { "name": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "product_id": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-puma@4.3.12-1.el7rhgs?arch=x86_64" } } }, { "category": "product_version", "name": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "product": { "name": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "product_id": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-puma-debuginfo@4.3.12-1.el7rhgs?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "product": { "name": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "product_id": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-django-bash-completion@1.11.27-4.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "python2-django-0:1.11.27-4.el7rhgs.noarch", "product": { "name": "python2-django-0:1.11.27-4.el7rhgs.noarch", "product_id": "python2-django-0:1.11.27-4.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python2-django@1.11.27-4.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "product": { "name": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "product_id": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python2-django-doc@1.11.27-4.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "ruby-doc-0:2.4.9-94.el7rhgs.noarch", "product": { "name": "ruby-doc-0:2.4.9-94.el7rhgs.noarch", "product_id": "ruby-doc-0:2.4.9-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby-doc@2.4.9-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "ruby-irb-0:2.4.9-94.el7rhgs.noarch", "product": { "name": "ruby-irb-0:2.4.9-94.el7rhgs.noarch", "product_id": "ruby-irb-0:2.4.9-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/ruby-irb@2.4.9-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "product": { "name": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "product_id": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-minitest@5.10.1-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "product": { "name": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "product_id": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-power_assert@0.4.1-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "product": { "name": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "product_id": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rake@12.0.0-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "product": { "name": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "product_id": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rdoc@5.0.1-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "product": { "name": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "product_id": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-test-unit@3.2.3-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "product": { "name": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "product_id": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-xmlrpc@0.2.1-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygems-0:2.6.14.4-94.el7rhgs.noarch", "product": { "name": "rubygems-0:2.6.14.4-94.el7rhgs.noarch", "product_id": "rubygems-0:2.6.14.4-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygems@2.6.14.4-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch", "product": { "name": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch", "product_id": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygems-devel@2.6.14.4-94.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "product": { "name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "product_id": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-activemodel@5.2.0-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "product": { "name": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "product_id": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-activemodel-doc@5.2.0-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "product": { "name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "product_id": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-activesupport@5.2.0-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "product": { "name": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "product_id": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-activesupport-doc@5.2.0-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "product": { "name": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "product_id": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-bcrypt-doc@3.1.12-2.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "product": { "name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "product_id": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-concurrent-ruby@1.1.9-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "product": { "name": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "product_id": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-concurrent-ruby-doc@1.1.9-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "product": { "name": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "product_id": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-i18n@1.9.1-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "product": { "name": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "product_id": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-i18n-doc@1.9.1-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "product": { "name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "product_id": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-mustermann@1.0.3-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "product": { "name": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "product_id": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-mustermann-doc@1.0.3-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "product": { "name": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "product_id": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-nio4r-doc@2.3.1-2.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "product": { "name": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "product_id": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-puma-doc@4.3.12-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "product": { "name": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "product_id": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rack@2.2.4-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "product": { "name": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "product_id": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rack-doc@2.2.4-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "product": { "name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "product_id": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rack-protection@2.2.0-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "product": { "name": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "product_id": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-rack-protection-doc@2.2.0-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "product": { "name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "product_id": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-sinatra@2.2.0-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "product": { "name": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "product_id": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-sinatra-doc@2.2.0-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "product": { "name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "product_id": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-thread_safe@0.3.6-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "product": { "name": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "product_id": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-thread_safe-doc@0.3.6-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "product": { "name": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "product_id": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-tilt@2.0.11-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "product": { "name": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "product_id": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-tilt-doc@2.0.11-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "product": { "name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "product_id": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-tzinfo@1.2.10-1.el7rhgs?arch=noarch" } } }, { "category": "product_version", "name": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "product": { "name": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "product_id": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rubygem-tzinfo-doc@1.2.10-1.el7rhgs?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "grafana-0:5.2.4-6.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src" }, "product_reference": "grafana-0:5.2.4-6.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "grafana-0:5.2.4-6.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64" }, "product_reference": "grafana-0:5.2.4-6.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "python-django-0:1.11.27-4.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src" }, "product_reference": "python-django-0:1.11.27-4.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch" }, "product_reference": "python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "python2-django-0:1.11.27-4.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch" }, "product_reference": "python2-django-0:1.11.27-4.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch" }, "product_reference": "python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-0:2.4.9-94.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src" }, "product_reference": "ruby-0:2.4.9-94.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64" }, "product_reference": "ruby-0:2.4.9-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64" }, "product_reference": "ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64" }, "product_reference": "ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-doc-0:2.4.9-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch" }, "product_reference": "ruby-doc-0:2.4.9-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-irb-0:2.4.9-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch" }, "product_reference": "ruby-irb-0:2.4.9-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64" }, "product_reference": "ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch" }, "product_reference": "rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src" }, "product_reference": "rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch" }, "product_reference": "rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch" }, "product_reference": "rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src" }, "product_reference": "rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch" }, "product_reference": "rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src" }, "product_reference": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64" }, "product_reference": "rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64" }, "product_reference": "rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch" }, "product_reference": "rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64" }, "product_reference": "rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch" }, "product_reference": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src" }, "product_reference": "rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch" }, "product_reference": "rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64" }, "product_reference": "rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch" }, "product_reference": "rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-i18n-0:1.9.1-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src" }, "product_reference": "rubygem-i18n-0:1.9.1-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch" }, "product_reference": "rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64" }, "product_reference": "rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64" }, "product_reference": "rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch" }, "product_reference": "rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch" }, "product_reference": "rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src" }, "product_reference": "rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch" }, "product_reference": "rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64" }, "product_reference": "rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src" }, "product_reference": "rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64" }, "product_reference": "rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64" }, "product_reference": "rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch" }, "product_reference": "rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64" }, "product_reference": "rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch" }, "product_reference": "rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64" }, "product_reference": "rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-puma-0:4.3.12-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src" }, "product_reference": "rubygem-puma-0:4.3.12-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64" }, "product_reference": "rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64 as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64" }, "product_reference": "rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch" }, "product_reference": "rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch" }, "product_reference": "rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rack-0:2.2.4-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src" }, "product_reference": "rubygem-rack-0:2.2.4-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch" }, "product_reference": "rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch" }, "product_reference": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src" }, "product_reference": "rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch" }, "product_reference": "rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch" }, "product_reference": "rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch" }, "product_reference": "rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch" }, "product_reference": "rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src" }, "product_reference": "rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch" }, "product_reference": "rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch" }, "product_reference": "rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch" }, "product_reference": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src" }, "product_reference": "rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch" }, "product_reference": "rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch" }, "product_reference": "rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-tilt-0:2.0.11-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src" }, "product_reference": "rubygem-tilt-0:2.0.11-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch" }, "product_reference": "rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch" }, "product_reference": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src" }, "product_reference": "rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch" }, "product_reference": "rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch" }, "product_reference": "rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygems-0:2.6.14.4-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch" }, "product_reference": "rubygems-0:2.6.14.4-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" }, { "category": "default_component_of", "full_product_name": { "name": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch as a component of Red Hat Gluster 3.5 Web Administration on RHEL-7", "product_id": "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" }, "product_reference": "rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch", "relates_to_product_reference": "7Server-RH-Gluster-3.5-WebAdministration" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-24790", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-04-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2071616" } ], "notes": [ { "category": "description", "text": "A HTTP request smuggling flaw was found in puma. This issue occurs when using puma behind a proxy. Puma does not validate incoming HTTP requests, as per RFC specification, leading to loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "puma-5.6.4: http request smuggling vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch" ], "known_not_affected": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24790" }, { "category": "external", "summary": "RHBZ#2071616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071616" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24790", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24790" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24790", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24790" } ], "release_date": "2022-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-28T00:18:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "puma-5.6.4: http request smuggling vulnerabilities" }, { "cve": "CVE-2022-30122", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2022-06-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2099519" } ], "notes": [ { "category": "description", "text": "A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack\u0027s multipart parser to take much longer than expected, leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "rubygem-rack: crafted multipart POST request may cause a DoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch" ], "known_not_affected": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30122" }, { "category": "external", "summary": "RHBZ#2099519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099519" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30122", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30122" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30122", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30122" }, { "category": "external", "summary": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml", "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2022-30122.yml" } ], "release_date": "2022-05-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-28T00:18:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "rubygem-rack: crafted multipart POST request may cause a DoS" }, { "cve": "CVE-2022-30123", "cwe": { "id": "CWE-179", "name": "Incorrect Behavior Order: Early Validation" }, "discovery_date": "2022-06-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2099524" } ], "notes": [ { "category": "description", "text": "A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack\u0027s `Lint` middleware and `CommonLogger` middleware. This issue can leverage these escape sequences to execute commands in the victim\u0027s terminal.", "title": "Vulnerability description" }, { "category": "summary", "text": "rubygem-rack: crafted requests can cause shell escape sequences", "title": "Vulnerability summary" }, { "category": "other", "text": "- Because Red Hat OpenStack Platform 13.0 Operational Tools packaged the flawed code, but does not use its functionality, its Impact has been reduced to \u0027Low\u0027.\n- To exploit this vulnerability, applications should have either of these middlewares \u0027Lint\u0027 or \u0027CommonLogger\u0027 installed, and vulnerable apps may have something like this: \n\u0027use Rack::Lint\u0027 OR \u0027use Rack::CommonLogger\u0027\nThe Red Hat products use the flawed code but don\u0027t use its functionality, Hence, the impact is set to Important.\n- Logging Subsystem for Red Hat OpenShift uses the vulnerable ruby gem-rack package in the openshift-logging/fluentd-rhel8 component to instantiate client-to-server communication. But, this component cannot receive any requests so exploitation by crafted request consumption is not possible. Therefore the impact of this vulnerability on the Logging Subsystem for Red Hat OpenShift is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch" ], "known_not_affected": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-30123" }, { "category": "external", "summary": "RHBZ#2099524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099524" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-30123", "url": "https://www.cve.org/CVERecord?id=CVE-2022-30123" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-30123", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30123" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-wq4h-7r42-5hrr", "url": "https://github.com/advisories/GHSA-wq4h-7r42-5hrr" } ], "release_date": "2022-05-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-28T00:18:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "rubygem-rack: crafted requests can cause shell escape sequences" }, { "cve": "CVE-2022-31129", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2022-07-07T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2105075" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service (ReDoS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "moment: inefficient parsing algorithm resulting in DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Fuse provides the affected software but does not use the functionality and as such its impact has been downgraded to Low.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships a vulnerable version of the moment library. However, this affected functionality is restricted behind OAuth, reducing the impact to Moderate.\n\nRed Hat Satellite ships a vulnerable version of the moment library. However, this only affects a specific component (qpid-dispatch), reducing the impact to Moderate.\n\nRed Hat Ceph Storage (RHCS) ships a vulnerable version of the moment library, however, it is not directly used and is a transitive dependency from Angular. In addition, the impact would only be to the grafana browser, and not the underlying RHCS system, which reduces the impact to Moderate. \n\nRed Hat OpenShift Service Mesh (OSSM) ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nRed Hat OpenShift distributed tracing ships a vulnerable version of the moment library, however, it is not directly used, and as such, the impact has been lowered to Moderate.\n\nIn Logging Subsystem for Red Hat OpenShift the vulnerable moment nodejs package is bundled in the ose-logging-kibana6 container as a transitive dependency, hence the direct impact is reduced to Moderate.\n\nIn OpenShift Container Platform 4 the vulnerabile moment package is a third party dependency, hence the direct impact is reduced to Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64" ], "known_not_affected": [ "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31129" }, { "category": "external", "summary": "RHBZ#2105075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31129", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31129" }, { "category": "external", "summary": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g", "url": "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g" } ], "release_date": "2022-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-28T00:18:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1486" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "moment: inefficient parsing algorithm resulting in DoS" }, { "cve": "CVE-2022-31163", "cwe": { "id": "CWE-23", "name": "Relative Path Traversal" }, "discovery_date": "2022-07-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2110551" } ], "notes": [ { "category": "description", "text": "A flaw was found in rubygem-tzinfo. When using the Timezone.get function, it fails to validate time zone identifiers correctly, allowing a new line character input within the identifier. This flaw allows an attacker to use the new line character and write any code, which will be executed within the Ruby process.", "title": "Vulnerability description" }, { "category": "summary", "text": "rubygem-tzinfo: arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch" ], "known_not_affected": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-31163" }, { "category": "external", "summary": "RHBZ#2110551", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2110551" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-31163", "url": "https://www.cve.org/CVERecord?id=CVE-2022-31163" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31163", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31163" }, { "category": "external", "summary": "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx", "url": "https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx" } ], "release_date": "2022-07-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-03-28T00:18:32+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:1486" }, { "category": "workaround", "details": "As a workaround, the time zone identifier can be validated before passing to TZInfo::Timezone.get by ensuring it matches the regular expression \\A[A-Za-z0-9+\\-_]+(?:\\/[A-Za-z0-9+\\-_]+)*\\z.", "product_ids": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:grafana-0:5.2.4-6.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:python-django-0:1.11.27-4.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:python-django-bash-completion-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:python2-django-doc-0:1.11.27-4.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:ruby-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-debuginfo-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-devel-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:ruby-doc-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-irb-0:2.4.9-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:ruby-libs-0:2.4.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activemodel-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-0:5.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-activesupport-doc-0:5.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-debuginfo-0:3.1.12-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bcrypt-doc-0:3.1.12-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-bigdecimal-0:1.3.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-0:1.1.9-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-concurrent-ruby-doc-0:1.1.9-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-did_you_mean-0:1.1.0-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-0:1.9.1-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-i18n-doc-0:1.9.1-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-io-console-0:0.4.6-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-json-0:2.0.4-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-minitest-0:5.10.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-0:1.0.3-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-mustermann-doc-0:1.0.3-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-net-telnet-0:0.1.1-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-debuginfo-0:2.3.1-2.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-nio4r-doc-0:2.3.1-2.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-openssl-0:2.0.9-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-power_assert-0:0.4.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-psych-0:2.2.2-94.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-debuginfo-0:4.3.12-1.el7rhgs.x86_64", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-puma-doc-0:4.3.12-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-0:2.2.4-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-doc-0:2.2.4-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rack-protection-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rake-0:12.0.0-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-rdoc-0:5.0.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-0:2.2.0-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-sinatra-doc-0:2.2.0-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-test-unit-0:3.2.3-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-0:0.3.6-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-thread_safe-doc-0:0.3.6-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-0:2.0.11-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tilt-doc-0:2.0.11-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-0:1.2.10-1.el7rhgs.src", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-tzinfo-doc-0:1.2.10-1.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygem-xmlrpc-0:0.2.1-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-0:2.6.14.4-94.el7rhgs.noarch", "7Server-RH-Gluster-3.5-WebAdministration:rubygems-devel-0:2.6.14.4-94.el7rhgs.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "rubygem-tzinfo: arbitrary code execution" } ] }
rhsa-2022_8532
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated Satellite 6.9 packages that fix several bugs are now available for Red Hat Satellite.", "title": "Topic" }, { "category": "general", "text": "Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.\n\nSecurity Fix(es):\n* tfm-rubygem-puma: http request smuggling vulnerabilities (CVE-2022-24790)\n\nThis update fixes the following bugs:\n* 2038995: When executing the content migration (pre-upgrade process), there is a PG query created by pulp that will be sitting forever\n* 2074099: The errata migration continues to fail with \"pymongo.errors.DocumentTooLarge: BSON document too large\" error even after upgrading to Satellite 6.9.8\n* 2081560: ForeignKeyViolation Error with docker_meta_tags\n* 2091438: Use of content.count() in app/models/repository.py seems to hit an error\n* 2093829: \u0027foreman-maintain content migration-stats\u0027 command stucks and consume all memory\n* 2098221: Pulp 3 migration stats timing is too low for very large deployments\n* 2141348: It appears that the egg is downloaded every time\n\nUsers of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2022:8532", "url": "https://access.redhat.com/errata/RHSA-2022:8532" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2038995", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2038995" }, { "category": "external", "summary": "2071616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071616" }, { "category": "external", "summary": "2074099", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074099" }, { "category": "external", "summary": "2081560", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081560" }, { "category": "external", "summary": "2091438", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2091438" }, { "category": "external", "summary": "2093829", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093829" }, { "category": "external", "summary": "2098221", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2098221" }, { "category": "external", "summary": "2141348", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141348" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8532.json" } ], "title": "Red Hat Security Advisory: Satellite 6.9.10 Async Security Update", "tracking": { "current_release_date": "2024-11-22T20:58:30+00:00", "generator": { "date": "2024-11-22T20:58:30+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2022:8532", "initial_release_date": "2022-11-17T17:20:06+00:00", "revision_history": [ { "date": "2022-11-17T17:20:06+00:00", "number": "1", "summary": "Initial version" }, { "date": "2022-11-17T17:20:06+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T20:58:30+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Satellite Capsule 6.9", "product": { "name": "Red Hat Satellite Capsule 6.9", "product_id": "7Server-Capsule69", "product_identification_helper": { "cpe": "cpe:/a:redhat:satellite_capsule:6.9::el7" } } }, { "category": "product_name", "name": "Red Hat Satellite 6.9", "product": { "name": "Red Hat Satellite 6.9", "product_id": "7Server-Satellite69", "product_identification_helper": { "cpe": "cpe:/a:redhat:satellite:6.9::el7" } } } ], "category": "product_family", "name": "Red Hat Satellite 6" }, { "branches": [ { "category": "product_version", "name": "satellite-0:6.9.10-1.el7sat.src", "product": { "name": "satellite-0:6.9.10-1.el7sat.src", "product_id": "satellite-0:6.9.10-1.el7sat.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/satellite@6.9.10-1.el7sat?arch=src" } } }, { "category": "product_version", "name": "tfm-rubygem-puma-0:4.3.12-1.el7sat.src", "product": { "name": "tfm-rubygem-puma-0:4.3.12-1.el7sat.src", "product_id": "tfm-rubygem-puma-0:4.3.12-1.el7sat.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tfm-rubygem-puma@4.3.12-1.el7sat?arch=src" } } }, { "category": "product_version", "name": "python-pulp_2to3_migration-0:0.11.13-1.el7pc.src", "product": { "name": "python-pulp_2to3_migration-0:0.11.13-1.el7pc.src", "product_id": "python-pulp_2to3_migration-0:0.11.13-1.el7pc.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-pulp_2to3_migration@0.11.13-1.el7pc?arch=src" } } }, { "category": "product_version", "name": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.src", "product": { "name": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.src", "product_id": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tfm-rubygem-foreman_rh_cloud@3.0.33-1.el7sat?arch=src" } } }, { "category": "product_version", "name": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.src", "product": { "name": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.src", "product_id": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tfm-rubygem-katello@3.18.1.55-1.el7sat?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "satellite-capsule-0:6.9.10-1.el7sat.noarch", "product": { "name": "satellite-capsule-0:6.9.10-1.el7sat.noarch", "product_id": "satellite-capsule-0:6.9.10-1.el7sat.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/satellite-capsule@6.9.10-1.el7sat?arch=noarch" } } }, { "category": "product_version", "name": "satellite-common-0:6.9.10-1.el7sat.noarch", "product": { "name": "satellite-common-0:6.9.10-1.el7sat.noarch", "product_id": "satellite-common-0:6.9.10-1.el7sat.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/satellite-common@6.9.10-1.el7sat?arch=noarch" } } }, { "category": "product_version", "name": "satellite-debug-tools-0:6.9.10-1.el7sat.noarch", "product": { "name": "satellite-debug-tools-0:6.9.10-1.el7sat.noarch", "product_id": "satellite-debug-tools-0:6.9.10-1.el7sat.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/satellite-debug-tools@6.9.10-1.el7sat?arch=noarch" } } }, { "category": "product_version", "name": "satellite-0:6.9.10-1.el7sat.noarch", "product": { "name": "satellite-0:6.9.10-1.el7sat.noarch", "product_id": "satellite-0:6.9.10-1.el7sat.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/satellite@6.9.10-1.el7sat?arch=noarch" } } }, { "category": "product_version", "name": "satellite-cli-0:6.9.10-1.el7sat.noarch", "product": { "name": "satellite-cli-0:6.9.10-1.el7sat.noarch", "product_id": "satellite-cli-0:6.9.10-1.el7sat.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/satellite-cli@6.9.10-1.el7sat?arch=noarch" } } }, { "category": "product_version", "name": "python3-pulp-2to3-migration-0:0.11.13-1.el7pc.noarch", "product": { "name": "python3-pulp-2to3-migration-0:0.11.13-1.el7pc.noarch", "product_id": "python3-pulp-2to3-migration-0:0.11.13-1.el7pc.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python3-pulp-2to3-migration@0.11.13-1.el7pc?arch=noarch" } } }, { "category": "product_version", "name": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.noarch", "product": { "name": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.noarch", "product_id": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tfm-rubygem-foreman_rh_cloud@3.0.33-1.el7sat?arch=noarch" } } }, { "category": "product_version", "name": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.noarch", "product": { "name": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.noarch", "product_id": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tfm-rubygem-katello@3.18.1.55-1.el7sat?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "tfm-rubygem-puma-0:4.3.12-1.el7sat.x86_64", "product": { "name": "tfm-rubygem-puma-0:4.3.12-1.el7sat.x86_64", "product_id": "tfm-rubygem-puma-0:4.3.12-1.el7sat.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tfm-rubygem-puma@4.3.12-1.el7sat?arch=x86_64" } } }, { "category": "product_version", "name": "tfm-rubygem-puma-debuginfo-0:4.3.12-1.el7sat.x86_64", "product": { "name": "tfm-rubygem-puma-debuginfo-0:4.3.12-1.el7sat.x86_64", "product_id": "tfm-rubygem-puma-debuginfo-0:4.3.12-1.el7sat.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tfm-rubygem-puma-debuginfo@4.3.12-1.el7sat?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "satellite-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.9", "product_id": "7Server-Capsule69:satellite-0:6.9.10-1.el7sat.noarch" }, "product_reference": "satellite-0:6.9.10-1.el7sat.noarch", "relates_to_product_reference": "7Server-Capsule69" }, { "category": "default_component_of", "full_product_name": { "name": "satellite-0:6.9.10-1.el7sat.src as a component of Red Hat Satellite Capsule 6.9", "product_id": "7Server-Capsule69:satellite-0:6.9.10-1.el7sat.src" }, "product_reference": "satellite-0:6.9.10-1.el7sat.src", "relates_to_product_reference": "7Server-Capsule69" }, { "category": "default_component_of", "full_product_name": { "name": "satellite-capsule-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.9", "product_id": "7Server-Capsule69:satellite-capsule-0:6.9.10-1.el7sat.noarch" }, "product_reference": "satellite-capsule-0:6.9.10-1.el7sat.noarch", "relates_to_product_reference": "7Server-Capsule69" }, { "category": "default_component_of", "full_product_name": { "name": "satellite-cli-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.9", "product_id": "7Server-Capsule69:satellite-cli-0:6.9.10-1.el7sat.noarch" }, "product_reference": "satellite-cli-0:6.9.10-1.el7sat.noarch", "relates_to_product_reference": "7Server-Capsule69" }, { "category": "default_component_of", "full_product_name": { "name": "satellite-common-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.9", "product_id": "7Server-Capsule69:satellite-common-0:6.9.10-1.el7sat.noarch" }, "product_reference": "satellite-common-0:6.9.10-1.el7sat.noarch", "relates_to_product_reference": "7Server-Capsule69" }, { "category": "default_component_of", "full_product_name": { "name": "satellite-debug-tools-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite Capsule 6.9", "product_id": "7Server-Capsule69:satellite-debug-tools-0:6.9.10-1.el7sat.noarch" }, "product_reference": "satellite-debug-tools-0:6.9.10-1.el7sat.noarch", "relates_to_product_reference": "7Server-Capsule69" }, { "category": "default_component_of", "full_product_name": { "name": "python-pulp_2to3_migration-0:0.11.13-1.el7pc.src as a component of Red Hat Satellite 6.9", "product_id": "7Server-Satellite69:python-pulp_2to3_migration-0:0.11.13-1.el7pc.src" }, "product_reference": "python-pulp_2to3_migration-0:0.11.13-1.el7pc.src", "relates_to_product_reference": "7Server-Satellite69" }, { "category": "default_component_of", "full_product_name": { "name": "python3-pulp-2to3-migration-0:0.11.13-1.el7pc.noarch as a component of Red Hat Satellite 6.9", "product_id": "7Server-Satellite69:python3-pulp-2to3-migration-0:0.11.13-1.el7pc.noarch" }, "product_reference": "python3-pulp-2to3-migration-0:0.11.13-1.el7pc.noarch", "relates_to_product_reference": "7Server-Satellite69" }, { "category": "default_component_of", "full_product_name": { "name": "satellite-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite 6.9", "product_id": "7Server-Satellite69:satellite-0:6.9.10-1.el7sat.noarch" }, "product_reference": "satellite-0:6.9.10-1.el7sat.noarch", "relates_to_product_reference": "7Server-Satellite69" }, { "category": "default_component_of", "full_product_name": { "name": "satellite-0:6.9.10-1.el7sat.src as a component of Red Hat Satellite 6.9", "product_id": "7Server-Satellite69:satellite-0:6.9.10-1.el7sat.src" }, "product_reference": "satellite-0:6.9.10-1.el7sat.src", "relates_to_product_reference": "7Server-Satellite69" }, { "category": "default_component_of", "full_product_name": { "name": "satellite-capsule-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite 6.9", "product_id": "7Server-Satellite69:satellite-capsule-0:6.9.10-1.el7sat.noarch" }, "product_reference": "satellite-capsule-0:6.9.10-1.el7sat.noarch", "relates_to_product_reference": "7Server-Satellite69" }, { "category": "default_component_of", "full_product_name": { "name": "satellite-cli-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite 6.9", "product_id": "7Server-Satellite69:satellite-cli-0:6.9.10-1.el7sat.noarch" }, "product_reference": "satellite-cli-0:6.9.10-1.el7sat.noarch", "relates_to_product_reference": "7Server-Satellite69" }, { "category": "default_component_of", "full_product_name": { "name": "satellite-common-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite 6.9", "product_id": "7Server-Satellite69:satellite-common-0:6.9.10-1.el7sat.noarch" }, "product_reference": "satellite-common-0:6.9.10-1.el7sat.noarch", "relates_to_product_reference": "7Server-Satellite69" }, { "category": "default_component_of", "full_product_name": { "name": "satellite-debug-tools-0:6.9.10-1.el7sat.noarch as a component of Red Hat Satellite 6.9", "product_id": "7Server-Satellite69:satellite-debug-tools-0:6.9.10-1.el7sat.noarch" }, "product_reference": "satellite-debug-tools-0:6.9.10-1.el7sat.noarch", "relates_to_product_reference": "7Server-Satellite69" }, { "category": "default_component_of", "full_product_name": { "name": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.noarch as a component of Red Hat Satellite 6.9", "product_id": "7Server-Satellite69:tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.noarch" }, "product_reference": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.noarch", "relates_to_product_reference": "7Server-Satellite69" }, { "category": "default_component_of", "full_product_name": { "name": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.src as a component of Red Hat Satellite 6.9", "product_id": "7Server-Satellite69:tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.src" }, "product_reference": "tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.src", "relates_to_product_reference": "7Server-Satellite69" }, { "category": "default_component_of", "full_product_name": { "name": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.noarch as a component of Red Hat Satellite 6.9", "product_id": "7Server-Satellite69:tfm-rubygem-katello-0:3.18.1.55-1.el7sat.noarch" }, "product_reference": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.noarch", "relates_to_product_reference": "7Server-Satellite69" }, { "category": "default_component_of", "full_product_name": { "name": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.src as a component of Red Hat Satellite 6.9", "product_id": "7Server-Satellite69:tfm-rubygem-katello-0:3.18.1.55-1.el7sat.src" }, "product_reference": "tfm-rubygem-katello-0:3.18.1.55-1.el7sat.src", "relates_to_product_reference": "7Server-Satellite69" }, { "category": "default_component_of", "full_product_name": { "name": "tfm-rubygem-puma-0:4.3.12-1.el7sat.src as a component of Red Hat Satellite 6.9", "product_id": "7Server-Satellite69:tfm-rubygem-puma-0:4.3.12-1.el7sat.src" }, "product_reference": "tfm-rubygem-puma-0:4.3.12-1.el7sat.src", "relates_to_product_reference": "7Server-Satellite69" }, { "category": "default_component_of", "full_product_name": { "name": "tfm-rubygem-puma-0:4.3.12-1.el7sat.x86_64 as a component of Red Hat Satellite 6.9", "product_id": "7Server-Satellite69:tfm-rubygem-puma-0:4.3.12-1.el7sat.x86_64" }, "product_reference": "tfm-rubygem-puma-0:4.3.12-1.el7sat.x86_64", "relates_to_product_reference": "7Server-Satellite69" }, { "category": "default_component_of", "full_product_name": { "name": "tfm-rubygem-puma-debuginfo-0:4.3.12-1.el7sat.x86_64 as a component of Red Hat Satellite 6.9", "product_id": "7Server-Satellite69:tfm-rubygem-puma-debuginfo-0:4.3.12-1.el7sat.x86_64" }, "product_reference": "tfm-rubygem-puma-debuginfo-0:4.3.12-1.el7sat.x86_64", "relates_to_product_reference": "7Server-Satellite69" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-24790", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2022-04-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-Capsule69:satellite-0:6.9.10-1.el7sat.noarch", "7Server-Capsule69:satellite-0:6.9.10-1.el7sat.src", "7Server-Capsule69:satellite-capsule-0:6.9.10-1.el7sat.noarch", "7Server-Capsule69:satellite-cli-0:6.9.10-1.el7sat.noarch", "7Server-Capsule69:satellite-common-0:6.9.10-1.el7sat.noarch", "7Server-Capsule69:satellite-debug-tools-0:6.9.10-1.el7sat.noarch", "7Server-Satellite69:python-pulp_2to3_migration-0:0.11.13-1.el7pc.src", "7Server-Satellite69:python3-pulp-2to3-migration-0:0.11.13-1.el7pc.noarch", "7Server-Satellite69:satellite-0:6.9.10-1.el7sat.noarch", "7Server-Satellite69:satellite-0:6.9.10-1.el7sat.src", "7Server-Satellite69:satellite-capsule-0:6.9.10-1.el7sat.noarch", "7Server-Satellite69:satellite-cli-0:6.9.10-1.el7sat.noarch", "7Server-Satellite69:satellite-common-0:6.9.10-1.el7sat.noarch", "7Server-Satellite69:satellite-debug-tools-0:6.9.10-1.el7sat.noarch", "7Server-Satellite69:tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.noarch", "7Server-Satellite69:tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.src", "7Server-Satellite69:tfm-rubygem-katello-0:3.18.1.55-1.el7sat.noarch", "7Server-Satellite69:tfm-rubygem-katello-0:3.18.1.55-1.el7sat.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2071616" } ], "notes": [ { "category": "description", "text": "A HTTP request smuggling flaw was found in puma. This issue occurs when using puma behind a proxy. Puma does not validate incoming HTTP requests, as per RFC specification, leading to loss of integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "puma-5.6.4: http request smuggling vulnerabilities", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Satellite69:tfm-rubygem-puma-0:4.3.12-1.el7sat.src", "7Server-Satellite69:tfm-rubygem-puma-0:4.3.12-1.el7sat.x86_64", "7Server-Satellite69:tfm-rubygem-puma-debuginfo-0:4.3.12-1.el7sat.x86_64" ], "known_not_affected": [ "7Server-Capsule69:satellite-0:6.9.10-1.el7sat.noarch", "7Server-Capsule69:satellite-0:6.9.10-1.el7sat.src", "7Server-Capsule69:satellite-capsule-0:6.9.10-1.el7sat.noarch", "7Server-Capsule69:satellite-cli-0:6.9.10-1.el7sat.noarch", "7Server-Capsule69:satellite-common-0:6.9.10-1.el7sat.noarch", "7Server-Capsule69:satellite-debug-tools-0:6.9.10-1.el7sat.noarch", "7Server-Satellite69:python-pulp_2to3_migration-0:0.11.13-1.el7pc.src", "7Server-Satellite69:python3-pulp-2to3-migration-0:0.11.13-1.el7pc.noarch", "7Server-Satellite69:satellite-0:6.9.10-1.el7sat.noarch", "7Server-Satellite69:satellite-0:6.9.10-1.el7sat.src", "7Server-Satellite69:satellite-capsule-0:6.9.10-1.el7sat.noarch", "7Server-Satellite69:satellite-cli-0:6.9.10-1.el7sat.noarch", "7Server-Satellite69:satellite-common-0:6.9.10-1.el7sat.noarch", "7Server-Satellite69:satellite-debug-tools-0:6.9.10-1.el7sat.noarch", "7Server-Satellite69:tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.noarch", "7Server-Satellite69:tfm-rubygem-foreman_rh_cloud-0:3.0.33-1.el7sat.src", "7Server-Satellite69:tfm-rubygem-katello-0:3.18.1.55-1.el7sat.noarch", "7Server-Satellite69:tfm-rubygem-katello-0:3.18.1.55-1.el7sat.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-24790" }, { "category": "external", "summary": "RHBZ#2071616", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071616" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-24790", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24790" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-24790", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24790" } ], "release_date": "2022-03-30T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2022-11-17T17:20:06+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor detailed instructions how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_satellite/6.9/html/upgrading_and_updating_red_hat_satellite/updating_satellite_server_capsule_server_and_content_hosts", "product_ids": [ "7Server-Satellite69:tfm-rubygem-puma-0:4.3.12-1.el7sat.src", "7Server-Satellite69:tfm-rubygem-puma-0:4.3.12-1.el7sat.x86_64", "7Server-Satellite69:tfm-rubygem-puma-debuginfo-0:4.3.12-1.el7sat.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2022:8532" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "7Server-Satellite69:tfm-rubygem-puma-0:4.3.12-1.el7sat.src", "7Server-Satellite69:tfm-rubygem-puma-0:4.3.12-1.el7sat.x86_64", "7Server-Satellite69:tfm-rubygem-puma-debuginfo-0:4.3.12-1.el7sat.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "puma-5.6.4: http request smuggling vulnerabilities" } ] }
gsd-2022-24790
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2022-24790", "description": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.", "id": "GSD-2022-24790", "references": [ "https://www.suse.com/security/cve/CVE-2022-24790.html", "https://security.archlinux.org/CVE-2022-24790", "https://www.debian.org/security/2022/dsa-5146", "https://access.redhat.com/errata/RHSA-2022:8532" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "affected": [ { "package": { "ecosystem": "RubyGems", "name": "puma", "purl": "pkg:gem/puma" } } ], "aliases": [ "CVE-2022-24790", "GHSA-h99w-9q5r-gjq9" ], "details": "### Impact\n\nWhen using Puma behind a proxy that does not properly validate that the\nincoming HTTP request matches the RFC7230 standard, Puma and the frontend\nproxy may disagree on where a request starts and ends. This would allow\nrequests to be smuggled via the front-end proxy to Puma.\n\nThe following vulnerabilities are addressed by this advisory:\n- Lenient parsing of `Transfer-Encoding` headers, when unsupported encodings\n should be rejected and the final encoding must be `chunked`.\n- Lenient parsing of malformed `Content-Length` headers and chunk sizes, when\n only digits and hex digits should be allowed.\n- Lenient parsing of duplicate `Content-Length` headers, when they should be\n rejected.\n- Lenient parsing of the ending of chunked segments, when they should end\n with `\\r\\n`.\n\n### Patches\n\nThe vulnerability has been fixed in 5.6.4 and 4.3.12.\n\n### Workarounds\n\nWhen deploying a proxy in front of Puma, turning on any and all functionality\nto make sure that the request matches the RFC7230 standard.\n\nThese proxy servers are known to have \"good\" behavior re: this standard and\nupgrading Puma may not be necessary. Users are encouraged to validate for\nthemselves.\n\n- Nginx (latest)\n- Apache (latest)\n- Haproxy 2.5+\n- Caddy (latest)\n- Traefik (latest)\n\n### References\n\n[HTTP Request Smuggling](https://portswigger.net/web-security/request-smuggling)\n", "id": "GSD-2022-24790", "modified": "2022-03-30T00:00:00.000Z", "published": "2022-03-30T00:00:00.000Z", "references": [ { "type": "WEB", "url": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9" }, { "type": "WEB", "url": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5" } ], "schema_version": "1.4.0", "severity": [ { "score": 9.1, "type": "CVSS_V3" } ], "summary": "HTTP Request Smuggling in puma" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24790", "STATE": "PUBLIC", "TITLE": "HTTP Request Smuggling in puma" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "puma", "version": { "version_data": [ { "version_value": "\u003c 4.3.12" }, { "version_value": "\u003e= 5.0.0, \u003c 5.6.4" } ] } } ] }, "vendor_name": "puma" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9", "refsource": "CONFIRM", "url": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9" }, { "name": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5", "refsource": "MISC", "url": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5" }, { "name": "DSA-5146", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5146" }, { "name": "GLSA-202208-28", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-28" }, { "name": "[debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html" }, { "name": "FEDORA-2022-de968d1b6c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/" }, { "name": "FEDORA-2022-52d0032596", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/" }, { "name": "FEDORA-2022-7c8b29195f", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/" } ] }, "source": { "advisory": "GHSA-h99w-9q5r-gjq9", "discovery": "UNKNOWN" } }, "github.com/rubysec/ruby-advisory-db": { "cve": "2022-24790", "cvss_v3": 9.1, "date": "2022-03-30", "description": "### Impact\n\nWhen using Puma behind a proxy that does not properly validate that the\nincoming HTTP request matches the RFC7230 standard, Puma and the frontend\nproxy may disagree on where a request starts and ends. This would allow\nrequests to be smuggled via the front-end proxy to Puma.\n\nThe following vulnerabilities are addressed by this advisory:\n- Lenient parsing of `Transfer-Encoding` headers, when unsupported encodings\n should be rejected and the final encoding must be `chunked`.\n- Lenient parsing of malformed `Content-Length` headers and chunk sizes, when\n only digits and hex digits should be allowed.\n- Lenient parsing of duplicate `Content-Length` headers, when they should be\n rejected.\n- Lenient parsing of the ending of chunked segments, when they should end\n with `\\r\\n`.\n\n### Patches\n\nThe vulnerability has been fixed in 5.6.4 and 4.3.12.\n\n### Workarounds\n\nWhen deploying a proxy in front of Puma, turning on any and all functionality\nto make sure that the request matches the RFC7230 standard.\n\nThese proxy servers are known to have \"good\" behavior re: this standard and\nupgrading Puma may not be necessary. Users are encouraged to validate for\nthemselves.\n\n- Nginx (latest)\n- Apache (latest)\n- Haproxy 2.5+\n- Caddy (latest)\n- Traefik (latest)\n\n### References\n\n[HTTP Request Smuggling](https://portswigger.net/web-security/request-smuggling)\n", "gem": "puma", "ghsa": "h99w-9q5r-gjq9", "patched_versions": [ "~\u003e 4.3.12", "\u003e= 5.6.4" ], "related": { "url": [ "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5" ] }, "title": "HTTP Request Smuggling in puma", "url": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9" }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c4.3.12||\u003e=5.0.0 \u003c5.6.4", "affected_versions": "All versions before 4.3.12, all versions starting from 5.0.0 before 5.6.4", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cwe_ids": [ "CWE-1035", "CWE-444", "CWE-937" ], "date": "2022-10-12", "description": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.", "fixed_versions": [], "identifier": "CVE-2022-24790", "identifiers": [ "CVE-2022-24790", "GHSA-h99w-9q5r-gjq9" ], "not_impacted": "", "package_slug": "gem/gitlab-puma", "pubdate": "2022-03-30", "solution": "Unfortunately, there is no solution available yet.", "title": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2022-24790", "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5", "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9" ], "uuid": "d511407c-e0b0-45e0-8d87-5ca4f9ae7123" }, { "affected_range": "\u003c4.3.12||\u003e=5.0.0 \u003c5.6.4", "affected_versions": "All versions before 4.3.12, all versions starting from 5.0.0 before 5.6.4", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cwe_ids": [ "CWE-1035", "CWE-444", "CWE-937" ], "date": "2022-10-12", "description": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.", "fixed_versions": [ "4.3.12", "5.6.4" ], "identifier": "CVE-2022-24790", "identifiers": [ "CVE-2022-24790", "GHSA-h99w-9q5r-gjq9" ], "not_impacted": "All versions starting from 4.3.12 before 5.0.0, all versions starting from 5.6.4", "package_slug": "gem/puma", "pubdate": "2022-03-30", "solution": "Upgrade to versions 4.3.12, 5.6.4 or above.", "title": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)", "urls": [ "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9", "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5", "https://github.com/advisories/GHSA-h99w-9q5r-gjq9" ], "uuid": "e3fa2ba1-01ed-4de4-8bc1-8761adf07836" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*", "cpe_name": [], "versionEndExcluding": "4.3.12", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*", "cpe_name": [], "versionEndExcluding": "5.6.4", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24790" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-444" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5", "refsource": "MISC", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5" }, { "name": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9", "refsource": "CONFIRM", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9" }, { "name": "DSA-5146", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2022/dsa-5146" }, { "name": "GLSA-202208-28", "refsource": "GENTOO", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202208-28" }, { "name": "[debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update", "refsource": "MLIST", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html" }, { "name": "FEDORA-2022-de968d1b6c", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/" }, { "name": "FEDORA-2022-52d0032596", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/" }, { "name": "FEDORA-2022-7c8b29195f", "refsource": "FEDORA", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2022-10-12T13:15Z", "publishedDate": "2022-03-30T22:15Z" } } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.